Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1292
Views
0
Helpful
9
Replies

ATA 186 Port 80 vulnerability

Go to solution
chadrife1
Level 1
Level 1

‎10-02-2018 07:26 AM - edited ‎03-18-2019 12:33 PM

Hello Community! 

 

 Looking for a way to disable the web interface of these devices either from CUCM or local side. Our Security Dept has flagged these with a port 80 vulnerability and which our CUCM provider has yet to provide any reasonable action.  Suggestions were to input an ACL however that would be a last resort and not knowing if that will block any other functionality. 

 

Suggestions would be greatly appreciated.

Thanks,IP Telephony and Phones

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Daniele Giordano
Level 8
Level 8

‎10-02-2018 07:43 AM

Hi, you can modify the bit 7 of OpFlag of the common configuration file on the tftp server:

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cata/186_188/2_15_ms/english/administration/guide/sccp/sccp/sccpach3.html

 

The bit 7 is used to configure "web configuration access", 0 allow web config, 1 do not allow.

 

This metho is not so easy. Probably you can check on whiwhat is the IP of the default gateway of your ATAs and configure an ACL to block all accesse on the port 80.

 

Regards. 

View solution in original post

0 Helpful

Go to solution
Scott Pedersen
Level 1
Level 1
In response to chadrife1

‎10-04-2018 06:58 AM - edited ‎10-04-2018 07:04 AM

If the device is giving you trouble with the web interface and assuming you are using a manage switch why not write an ACL to block port 80 traffic at the switchport? It should not not block any functionality aside from the web interface.

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Daniele Giordano
Level 8
Level 8

‎10-02-2018 07:43 AM

Hi, you can modify the bit 7 of OpFlag of the common configuration file on the tftp server:

 

https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cata/186_188/2_15_ms/english/administration/guide/sccp/sccp/sccpach3.html

 

The bit 7 is used to configure "web configuration access", 0 allow web config, 1 do not allow.

 

This metho is not so easy. Probably you can check on whiwhat is the IP of the default gateway of your ATAs and configure an ACL to block all accesse on the port 80.

 

Regards. 

0 Helpful

Go to solution
chadrife1
Level 1
Level 1
In response to Daniele Giordano

‎10-03-2018 08:30 AM

Daniele - Thank you for the response. We've been going back and forth with
our provider with no luck.

Can this be changed locally in the web interface then once applied will
stop the access?
0 Helpful

Go to solution
Scott Pedersen
Level 1
Level 1
In response to chadrife1

‎10-03-2018 08:36 AM

OP flag parameter is available over the web interface from the Network Parameters Link in the left menu. 

 

0 Helpful

Go to solution
chadrife1
Level 1
Level 1
In response to Scott Pedersen

‎10-03-2018 08:52 AM

Here's what I see.

 

AtA186.JPG

0 Helpful

Go to solution
Scott Pedersen
Level 1
Level 1
In response to chadrife1

‎10-03-2018 09:00 AM

Thats the setting. Looks like you are on an older Firmware version than I am used to. Adjust the bit that was suggested and see if that works for you.

0 Helpful

Go to solution
chadrife1
Level 1
Level 1
In response to Daniele Giordano

‎10-03-2018 01:56 PM

I was able to test this one at my desk.  Now to work with the vendor for mass fix. 

 

Thank you ALL !

0 Helpful

Go to solution
will.alvord
Level 5
Level 5
In response to chadrife1

‎10-03-2018 07:52 PM

Curious why an open port 80 is in and of itself insecure?

0 Helpful

Go to solution
chadrife1
Level 1
Level 1
In response to will.alvord

‎10-04-2018 05:21 AM

Our main concern is that our infosec team's vulnerability tool flags it as
unsecure due to that port. If it was 443, we would be moving on.

I did find this morning after a reboot, the device somewhat reset itself
and the web interface is enabled.

This is what my opsflag looks now.

0x00000012
0 Helpful

Go to solution
Scott Pedersen
Level 1
Level 1
In response to chadrife1

‎10-04-2018 06:58 AM - edited ‎10-04-2018 07:04 AM

If the device is giving you trouble with the web interface and assuming you are using a manage switch why not write an ACL to block port 80 traffic at the switchport? It should not not block any functionality aside from the web interface.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents