09-26-2023 09:04 AM
Hi,
The VAPT team has identified TFTP services as a vulnerability because they can retrieve files without any authentication. Consequently, I have restricted access exclusively to the phone VLAN. However, they are suggesting that this issue should be addressed at the system level, as ACLs are not considered a sufficient solution.
Please advise.
CUCM 11.5
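The ACL restriction described above can be audited rather than just trusted. The following is an added example, not code from the thread or from Cisco: it parses constructed firewall-style flow log lines and flags any TFTP (UDP/69) request to the CUCM TFTP server whose source lies outside the phone VLAN. The subnet 10.20.30.0/24, the server address 10.10.0.5 and the log format are assumptions made for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample log lines for the example (not real router or CUCM output).
SAMPLE_LOG = """\
2023-09-26T09:01:02Z ACL permit udp 10.20.30.15:49152 -> 10.10.0.5:69
2023-09-26T09:01:05Z ACL permit udp 10.20.30.16:49153 -> 10.10.0.5:69
2023-09-26T09:02:10Z ACL permit udp 192.168.50.77:50000 -> 10.10.0.5:69
2023-09-26T09:02:11Z ACL permit tcp 192.168.50.77:50001 -> 10.10.0.5:443
2023-09-26T09:03:00Z ACL deny udp 172.16.9.9:60000 -> 10.10.0.5:69
"""

# Assumed values: the phone VLAN and the CUCM TFTP server address.
PHONE_VLAN = ipaddress.ip_network("10.20.30.0/24")
TFTP_SERVERS = {ipaddress.ip_address("10.10.0.5")}
TFTP_PORT = 69

LINE_RE = re.compile(
    r"^(?P<ts>\S+) ACL (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)


@dataclass(frozen=True)
class Flow:
    ts: str
    action: str
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def parse_flows(text: str) -> list[Flow]:
    """Parse the assumed log format; lines that do not match are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        flows.append(Flow(
            ts=m["ts"],
            action=m["action"].lower(),
            proto=m["proto"].lower(),
            src=ipaddress.ip_address(m["src"]),
            dst=ipaddress.ip_address(m["dst"]),
            dport=int(m["dport"]),
        ))
    return flows


def tftp_flows(flows: list[Flow], servers=TFTP_SERVERS) -> list[Flow]:
    """Only UDP flows to port 69 on a known TFTP server are relevant."""
    return [f for f in flows
            if f.proto == "udp" and f.dport == TFTP_PORT and f.dst in servers]


def tftp_violations(flows: list[Flow], phone_vlan=PHONE_VLAN,
                    servers=TFTP_SERVERS) -> list[Flow]:
    """TFTP requests whose source is outside the phone VLAN. A 'permit'
    here means the ACL has a gap; a 'deny' means someone off-VLAN tried."""
    return [f for f in tftp_flows(flows, servers) if f.src not in phone_vlan]


def permitted_violations(flows: list[Flow], phone_vlan=PHONE_VLAN,
                         servers=TFTP_SERVERS) -> list[Flow]:
    """The subset that actually got through: these are ACL gaps to fix."""
    return [f for f in tftp_violations(flows, phone_vlan, servers)
            if f.action == "permit"]


if __name__ == "__main__":
    parsed = parse_flows(SAMPLE_LOG)
    for f in tftp_violations(parsed):
        print(f"{f.ts} {f.action.upper():6} TFTP from off-VLAN source {f.src}")
```

Running the block over the sample prints two off-VLAN TFTP requests; the permitted one (192.168.50.77) is the kind of finding that shows an ACL alone has not closed the exposure, while the denied one shows the ACL doing its job. Real NetFlow or firewall exports would need their own regex, but the allow-list logic is the same.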
09-26-2023 09:57 AM - edited 09-26-2023 09:57 AM
Well... about TFTP it's true, but you can apply encryption to all files exchanged between devices and CUCM, so they would be useless to an attacker.
UC Security Design also includes the signaling and voice encryption if required.
HTH
Regards
Carlo
09-26-2023 10:29 AM - edited 09-26-2023 11:32 AM
09-26-2023 11:34 AM - edited 09-26-2023 11:35 AM
Hi,
Thanks for your vote
7906 supports encryption and is still a CUCM-supported model even though it reached the end of its life about 8 years ago.
Regarding files, well... they are configuration files, ringtones and images. An attacker could retrieve network info and personal data such as user names and extensions but, privacy aside, nothing that can compromise other systems.
Obviously, it's up to your network/security engineer to protect the rest of your infrastructure.
Here is a security guide that could be helpful.
HTH
Regards
Carlo
09-26-2023 11:59 AM
Hi,
I am using 6901 phones also. For encrypting TFTP files, I need to change the security mode from default to mixed mode.
Does it have any impact?
Thanks
09-26-2023 12:55 PM
Hi,
All depends on different factors:
Your actual deployment, number of devices/users, applications you are running (e.g. Voicemail, IM&P, Contact Center and so forth), number of sites.
For sure, when you change the cluster to Mixed Mode, all devices will use certificates to authenticate and decrypt files.
So you have to take care of certificate expiration on every core CUCM service.
The good news is that you don't need hardware tokens (containing certificates); you can generate tokens via the CUCM CLI.
Just follow the security guide and you’ll minimize the impact.
If you need further info, don’t hesitate to ask.
Regards
Carlo