06-22-2009 05:07 PM - edited 03-12-2019 08:53 AM
These products are vulnerable:
Cisco Unified Communications Manager version 6.0 and Cisco CallManager Express are not affected by these vulnerabilities. No other Cisco products are currently known to be affected by these vulnerabilities.
Cisco Unified Communications Manager, formerly Cisco CallManager, is the call processing component of the Cisco IP telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications.
Vulnerability Details
It is possible to workaround the CTL Provider service overflow vulnerability. In order to do this, disable the CTL Provider service if it is not needed. Access to the CTL Provider service is usually only required during the initial configuration of Cisco Unified Communications Manager authentication and encryption features. Refer to these documents:
Filter traffic to affected Cisco Unified Communications Manager systems on screening devices as a mitigation technique for both vulnerabilities:
It is possible to change the default ports of the CTL Provider (2444/TCP) and RIS Data Collector (2556/TCP) services. If changed, filtering must be based on the values used. The values of the ports can be viewed in the Cisco Unified Communications Manager Administration interface. In order to do this, choose System > Service Parameters, and choose the appropriate service.
There is currently no method to configure filtering directly on a Cisco Unified Communications Manager system.
Although it is often difficult to the block traffic that transits the network, it is possible to identify traffic that must never be allowed to target the infrastructure devices and block that traffic at the border of the network. Infrastructure access lists (ACLs) are considered a network security best practice and must be considered as a long-term addition to good network security, as well as a workaround for this specific vulnerability. The filters must be included as part of an infrastructure access list which protects all devices with IP addresses in the infrastructure IP address range.
Refer to Protecting Your Core: Infrastructure Protection Access Control Lists, which explains guidelines and recommended deployment techniques for infrastructure protection access lists.
Filters that block access to TCP/2444 and TCP/2556 must be deployed at the network edge as part of a transit access list which protects the router where the ACL is configured, as well as other devices behind it. Refer to Transit Access Control Lists: Filtering at Your Edge for more information about transit ACLs.
Cisco will make free software available to address this vulnerability for affected customers. This case will be updated as fixed software becomes available. Prior to the deployment of software, consult the maintenance provider or check the software for feature set compatibility and known issues specific to the environment.
Fixed software for Cisco Unified Communications Manager can be obtained here:
Cisco Unified Communications Manager Version | Fixed Release | Download Location |
---|---|---|
3.3 | 3.3(5)SR2b (Expected Availability July 18) | |
4.0 | N/A | Upgrade to 4.1(3)SR5b or 4.2(3)SR2b |
4.1 | 4.1(3)SR5b | |
4.2 | 4.2(3)SR2b | |
4.3 | 4.3(1)SR1 | |
5.0 | N/A | Upgrade to 5.1(2a) * |
5.1 | 5.1(2a) * |
* Cisco strongly recommends to upgrade to Cisco Unified Communications Manager 5.1(2a) or later in order to obtain fixes for the security vulnerabilities described in this case.
Refer to Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities for more information.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: