06-06-2015 01:34 AM - edited 03-17-2019 03:15 AM
Hi,
One of our clients had network pen testing done. Following are the findings of the pen testing for our Cisco equipment; we need to fix this vulnerability ASAP.
Suggested by the pen testing team:
NTP monlist Command Enabled
Risk Rating: Medium
Vulnerability Description
The version of ntpd on the remote host has the 'monlist' command enabled. This command returns a list of recent hosts that have connected to the service. As such, it can be used for network reconnaissance or, along with a spoofed source IP, a distributed denial of service attack.
Remediation steps
If using NTP from the Network Time Protocol Project, either upgrade to NTP 4.2.7-p26 or later, or add 'disable monitor' to the 'ntp.conf' configuration file and restart the service. Otherwise, contact the vendor. Otherwise, limit access to the affected service to trusted hosts.
Affected Hosts
Host 192.192.10.20 (CUCM IP Publisher)
Port 123
Kindly suggest what we should do about this request.
Regards,
Humza Khan
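The two ntp.conf remediations in the report ('disable monitor', or a 'restrict' rule that denies queries to all but trusted hosts) can be verified from the configuration file itself. The following audit script is an added example, not code from this thread or from Cisco; it parses an ntp.conf, reports whether either remediation is in place, and lists the addresses that specific 'restrict' lines still allow to query. The two sample configurations are constructed for illustration, and the 192.0.2.0/24 management subnet in the hardened one is an assumed value.

```python
"""Audit an ntp.conf for exposure of the ntpd 'monlist' (mode 7) query.

Added example, not code from the thread or from Cisco. It checks for the two
remediations the pen-test report names: 'disable monitor' in ntp.conf, or a
'restrict' rule that denies queries ('noquery') to everyone except trusted
hosts. The sample configurations below are constructed for illustration.
"""

# Constructed sample: a stock ntp.conf whose default restrict line lacks
# 'noquery', so any host that can reach UDP/123 can issue monlist.
WEAK_CONF = """
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
restrict default kod nomodify notrap
restrict 127.0.0.1
"""

# Constructed sample: both remediations applied. 'disable monitor' switches
# the MRU list off, and the default restrict line refuses queries from
# everyone; only loopback and an assumed management subnet keep query access.
HARDENED_CONF = """
driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap   # management subnet
"""


def parse_ntp_conf(text):
    """Return (keyword, args) tuples; '#' comments and blank lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            entries.append((parts[0].lower(), parts[1:]))
    return entries


def _address(args):
    """First argument of a restrict line that is not a '-4'/'-6' family flag."""
    for arg in args:
        if not arg.startswith("-"):
            return arg
    return None


def monlist_exposure(text):
    """Classify an ntp.conf as 'blocked' or 'exposed' to monlist.

    Returns a dict with the verdict, the remediations found, and the
    addresses that explicit restrict lines still allow to query.
    """
    entries = parse_ntp_conf(text)
    reasons = []

    # Remediation 1: 'disable monitor' empties the MRU list, so monlist
    # has nothing to report even if a query gets through.
    if any(kw == "disable" and "monitor" in args for kw, args in entries):
        reasons.append("disable monitor present")

    # Remediation 2: every 'restrict default' line carries 'noquery', so
    # mode 6/7 queries (monlist included) are refused unless a more specific
    # restrict line re-allows them for a trusted host.
    defaults = [args for kw, args in entries
                if kw == "restrict" and "default" in args]
    if defaults and all("noquery" in args for args in defaults):
        reasons.append("default restrict carries noquery")

    # Hosts and subnets that specific restrict lines leave free to query;
    # these are the 'trusted hosts' the report allows and should be reviewed.
    allowed = [_address(args) for kw, args in entries
               if kw == "restrict" and "default" not in args
               and "noquery" not in args]

    return {
        "status": "blocked" if reasons else "exposed",
        "reasons": reasons,
        "query_allowed_from": allowed,
    }


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, monlist_exposure(conf))
```

This applies where ntp.conf is under your control, for example on the NTP servers the CUCM publisher synchronises with; on the CUCM appliance itself the replies below point to a TAC-recommended upgrade rather than a configuration edit. Note that 'noquery' only refuses mode 6/7 control and monitoring queries; ordinary client time requests are unaffected, so the restriction does not break time synchronisation for the hosts behind it.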
06-06-2015 01:53 AM
Humza Khan,
You haven't listed the version of CUCM or any CVE mentioned by your tester, but still, refer to the bug below:
https://tools.cisco.com/bugsearch/bug/CSCus26858
----------------
Cisco Call Manager (CUCM) includes a version of NTPd that is affected by the vulnerability identified by the Common Vulnerability and Exposures (CVE) IDs:
CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296
This product only allows processing of NTP control messages locally.
---------------
It appears to me your vulnerability is covered by this bug. Most of the time you need to upgrade the CUCM to mitigate these threats.
Compare your information with this bug, open a TAC case and upgrade to the TAC-recommended version; usually there are no workarounds in such cases.
-Terry
Please rate all helpful posts and mark the thread as answered if you have no other queries.
06-06-2015 02:38 AM
Hi Terry,
Thanks for your swift response; our client is using CM version 7.1.5.
I am unable to understand your sentence "any CVE mentioned by your tester".
Kindly elaborate.
Regards,
Humza Khan
06-06-2015 03:52 AM
CVEs are assigned for commonly known security vulnerabilities. I have highlighted it in blue in my previous post.
As said before, check with TAC for the most appropriate workaround.
And by the way, your CUCM version is very old and will be out of TAC support:
http://www.cisco.com/c/en/us/products/collateral/unified-communications/unified-communications-manager-callmanager/end_of_life_notice_c51-695269.html
-Terry
Please rate helpful posts
06-06-2015 04:22 AM
Hi Terry,
Thanks for your entire support. Your opinion is very helpful for me. So in this case we need to suggest our client to upgrade CUCM.
Regards,
Humza Khan