
CVE-2023-20198 Vulnerability and PRIs

peter.slade
Level 1

Hi,

I have a quick question about Cisco routers and vulnerabilities when connected to PRIs. I don't have a lot of background on the telco side so this may seem like a stupid question.

Can the routers be hacked through a telco PRI? Just unsure with a telco PRI if this is an issue where the telcos probably have restrictions on their end that would prevent certain types of traffic. With the CVE-2023-20198 vulnerability I am assuming that a router without internet connectivity could not be hacked and this vulnerability does not apply to routers just connected to PRIs.

Thought I'd ask.

Thanks

1 Accepted Solution

The CVE-2023-20198 vulnerability relates to http/https and not to ISDN. I am not a security expert, but I've been in telco for a few decades, and I'm not aware of any significant router hacks where ISDN is the attack vector. There was an exploit where ISDN could be used to reboot the router (causing a DoS), but that was several years ago and if your IOS is current you should be okay. Even with that, the exploit would have to be executed in conjunction with other attacks to take control of your router.

With ISDN the bigger threat is hackers using your router to make outbound calls (and then selling that capability to people who call overseas). If you have a well-configured dialplan, including capturing all inbound calls on the PRI, along with leaving ISDN "direct-inward-dial" at its default setting of enabled, you will be fine.

Maren

Thank you for the explanation, it helps me understand the connection better.

To add to what @Maren Mahoney wrote, you should not only think of security issues in relation to whether it has accessibility to the internet. Most of the rogue penetration attempts are done by people inside the company, so you would need to account for that when you evaluate security vulnerabilities.



Building on what others have said, it’s essential that we utilize the toll-fraud prevention feature on gateways at the very least to ensure security.

 

https://community.cisco.com/t5/collaboration-knowledge-base/understanding-toll-fraud-enhancements-in-15-1-2-t/ta-p/3123167
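
As an added example (not written by any poster in this thread), the following offline check reads a saved running-config and reports the points raised above: whether the HTTP/HTTPS server that CVE-2023-20198 relates to is enabled, and whether the toll-fraud defaults have been switched off. The sample config is constructed, and the matched command strings (`ip http server`, `ip http secure-server`, `no ip address trusted authenticate`, `no direct-inward-dial isdn`) are assumptions to confirm against the IOS release in use.

```python
# Constructed sample running-config for illustration; not taken from the thread.
SAMPLE_CONFIG = """\
hostname voice-gw
!
ip http server
no ip http secure-server
!
voice service pots
 no direct-inward-dial isdn
!
voice service voip
 no ip address trusted authenticate
 allow-connections sip to sip
!
"""

def sections(config):
    """Map each top-level config line to the list of its indented child lines."""
    out, current = {}, None
    for raw in config.splitlines():
        if not raw.strip() or raw.strip() == "!":
            continue  # skip blank lines and IOS section separators
        if raw[0].isspace():
            if current is not None:
                out[current].append(raw.strip())
        else:
            current = raw.strip()
            out.setdefault(current, [])
    return out

def audit(config):
    """Return a list of findings for web UI exposure and toll-fraud defaults."""
    sec = sections(config)
    findings = []
    for name, cmd in (("HTTP", "ip http server"), ("HTTPS", "ip http secure-server")):
        if cmd in sec:
            findings.append(f"{name} server enabled")
        elif "no " + cmd not in sec:
            # Neither form present: the platform default decides, so flag for review.
            findings.append(f"{name} server state not stated; platform default applies")
    if "no ip address trusted authenticate" in sec.get("voice service voip", []):
        findings.append("VoIP toll-fraud source check disabled")
    if "no direct-inward-dial isdn" in sec.get("voice service pots", []):
        findings.append("ISDN direct-inward-dial default disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```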

 



peter.slade
Level 1

Thank you, the more information the better.