UC320W and asterisk security vulnerabilities

Efim Kuznetsov
Beginner

The UC320W is listening on port 5064 on the WAN, and anyone who wishes can use your device as a SIP proxy!

| SIP Device        | User Agent            | Fingerprint |
-----------------------------------------------------------
| X.X.X.X:5064 | Cisco/UC320W-2.3.3(4) | disabled    |

4 Replies

Efim Kuznetsov
Beginner

Nov 13 20:03:44 UC320W user.debug voice: INVITE sip:+970599198685@X.X.X.X:5064 SIP/2.0
To: +970599198685<sip:+970599198685@X.X.X.X>
From: 1001<sip:1001@X.X.X.X>;tag=454bc890
Via: SIP/2.0/UDP 37.220.30.42:5076;branch=z9hG4bK-e3e3c7ba1733e591b791727d32b548cf;rport
Call-ID: e3e3c7ba1733e591b791727d32b548cf
CSeq: 1 INVITE
Contact: <sip:1001@37.220.30.42:5076>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 279

v=0
o=sipcli-Session 102773540 341735944 IN IP4 37.220.30.42
s=sipcli
c=IN IP4 37.220.30.42
t=0 0
m=audio 5077 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv

Nov 13 20:03:44 UC320W user.debug voice:

Nov 13 20:03:44 UC320W user.debug voice: [9]->37.220.30.42:5076(363)

Nov 13 20:03:44 UC320W user.debug voice: SIP/2.0 100 Trying
To: +970599198685<sip:+970599198685@X.X.X.X>
From: 1001<sip:1001@X.X.X.X>;tag=454bc890
Call-ID: e3e3c7ba1733e591b791727d32b548cf
CSeq: 1 INVITE
Via: SIP/2.0/UDP 37.220.30.42:5076;branch=z9hG4bK-e3e3c7ba1733e591b791727d32b548cf
Server: Cisco/UC320W-2.3.3(4)
Allow-Events: talk, hold, conference, x-spa-cti
Content-Length: 0

I restricted this hole, but this is far from an ideal solution, IMHO.

http://192.168.10.1/admin/voice/

tab -> System

option -> Restricted Access Domains:  your.sipproxy.com

*this works only before you click "Apply All Changes" in web admin


To apply this setting permanently, you must change the config file via telnet. I also use tftp to copy files to the PC and back to the router.

./home/usb_disk/cfg/misc/config.xml

line: <Restricted_Access_Domains>your.sipproxy.com</Restricted_Access_Domains>
    Line 2915: Nov 28 20:29:21 UC320W user.debug voice: SIP message from source IP 188.138.98.114 is blocked.
    Line 2939: Nov 28 20:32:18 UC320W user.debug voice: SIP message from source IP 198.7.62.118 is blocked.
    Line 2978: Nov 28 20:37:18 UC320W user.debug voice: SIP message from source IP 188.138.33.226 is blocked.
    Line 3643: Nov 28 21:48:37 UC320W user.debug voice: SIP message from source IP 198.7.62.118 is blocked.
    Line 4083: Nov 28 22:32:45 UC320W user.debug voice: SIP message from source IP 89.163.144.80 is blocked.
    Line 4314: Nov 28 23:00:10 UC320W user.debug voice: SIP message from source IP 50.30.37.184 is blocked.
    Line 5658: Nov 29 01:20:51 UC320W user.debug voice: SIP message from source IP 107.150.63.66 is blocked.
    Line 5917: Nov 29 01:54:25 UC320W user.debug voice: SIP message from source IP 85.25.237.51 is blocked.
    Line 6140: Nov 29 02:13:58 UC320W user.debug voice: SIP message from source IP 173.255.139.178 is blocked.
    Line 7980: Nov 29 03:52:41 UC320W user.debug voice: SIP message from source IP 188.138.75.89 is blocked.
    Line 8455: Nov 29 04:46:03 UC320W user.debug voice: SIP message from source IP 178.162.198.132 is blocked.
    Line 9254: Nov 29 06:06:44 UC320W user.debug voice: SIP message from source IP 161.202.40.186 is blocked.
    Line 9363: Nov 29 06:19:53 UC320W user.debug voice: SIP message from source IP 209.126.97.240 is blocked.
    Line 9495: Nov 29 06:34:02 UC320W user.debug voice: SIP message from source IP 188.138.98.114 is blocked.
    Line 9573: Nov 29 06:44:08 UC320W user.debug voice: SIP message from source IP 209.62.211.118 is blocked.
    Line 9620: Nov 29 06:49:31 UC320W user.debug voice: SIP message from source IP 188.138.33.226 is blocked.
    Line 11009: Nov 29 09:19:15 UC320W user.debug voice: SIP message from source IP 50.30.37.156 is blocked.
    Line 11152: Nov 29 09:38:38 UC320W user.debug voice: SIP message from source IP 212.129.7.254 is blocked.
    Line 11266: Nov 29 09:53:40 UC320W user.debug voice: SIP message from source IP 85.25.237.51 is blocked.
    Line 11725: Nov 29 10:47:34 UC320W user.debug voice: SIP message from source IP 85.25.237.51 is blocked.
    Line 13065: Nov 29 12:51:18 UC320W user.debug voice: SIP message from source IP 89.163.144.80 is blocked.
    Line 13067: Nov 29 12:51:18 UC320W user.debug voice: SIP message from source IP 89.163.144.80 is blocked.
    Line 13257: Nov 29 13:07:53 UC320W user.debug voice: SIP message from source IP 31.3.230.210 is blocked.
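
To check whether the device still answers INVITEs from the WAN after Restricted Access Domains is set, the two kinds of log lines quoted in this thread can be correlated per source. This is an added example, not part of the original posts: `summarize`, the trusted network and the sample log (documentation addresses) are assumptions, and the source address is taken from the Via header of each INVITE.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network
# Constructed sample in the syslog format shown in the thread (documentation IPs).
SAMPLE_LOG = """\
Nov 13 20:03:44 UC320W user.debug voice: INVITE sip:+15550100@X.X.X.X:5064 SIP/2.0
Via: SIP/2.0/UDP 203.0.113.7:5076;branch=z9hG4bK-constructed01;rport
Call-ID: constructed01
Nov 13 20:03:44 UC320W user.debug voice: SIP/2.0 100 Trying
Call-ID: constructed01
Via: SIP/2.0/UDP 203.0.113.7:5076;branch=z9hG4bK-constructed01
Nov 28 20:29:21 UC320W user.debug voice: SIP message from source IP 203.0.113.7 is blocked.
Nov 28 20:32:18 UC320W user.debug voice: SIP message from source IP 198.51.100.23 is blocked.
"""
PREFIX = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ user\.debug voice: ?(.*)$")
BLOCKED = re.compile(r"SIP message from source IP ([\d.]+) is blocked")
VIA = re.compile(r"Via: SIP/2\.0/\w+ ([\d.]+):\d+")

def is_trusted(ip, nets):
    try:
        return any(ip_address(ip) in n for n in nets)
    except ValueError:          # malformed address in the log: treat as untrusted
        return False

def summarize(log_text, trusted=("192.0.2.0/24",)):   # hypothetical SIP provider range
    """Per untrusted source: INVITE targets the device answered, and blocked count."""
    nets = [ip_network(n) for n in trusted]
    stats = defaultdict(lambda: {"answered": [], "blocked": 0})
    pending, cur = {}, None     # Call-ID -> INVITE record; message being read
    for raw in log_text.splitlines():
        m = PREFIX.match(raw)
        line = m.group(1) if m else raw.strip()
        if m:                   # a syslog prefix starts a new message or status line
            cur = None
            if b := BLOCKED.search(line):
                stats[b.group(1)]["blocked"] += 1
            elif line.startswith("INVITE sip:"):
                cur = {"req": True, "target": line.split()[1], "src": None}
            elif line.startswith("SIP/2.0 100"):
                cur = {"req": False}
        elif cur and cur["req"] and (v := VIA.match(line)):
            cur["src"] = v.group(1)
        elif cur and line.startswith("Call-ID:"):
            cid = line.split(":", 1)[1].strip()
            if cur["req"]:
                pending[cid] = cur
            elif (req := pending.pop(cid, None)) and req["src"]:
                stats[req["src"]]["answered"].append(req["target"])  # 100 Trying seen
    return {ip: s for ip, s in stats.items() if not is_trusted(ip, nets)}
```

A non-empty `answered` list for an untrusted source dated after the config change means the restriction did not persist, which matches the "Apply All Changes" caveat in the post above.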

Efim Kuznetsov
Beginner

Nov 12 04:37:47 UC320W user.debug voice: INVITE sip:0041215085034@X.X.X.X:5064 SIP/2.0
To: 0041215085034<sip:0041215085034@X.X.X.X>
From: 1002<sip:1002@X.X.X.X>;tag=4f56334e
Via: SIP/2.0/UDP 77.66.12.140:5070;branch=z9hG4bK-e7e00f8ce7745384199f7c940f1f41e1;rport
Call-ID: e7e00f8ce7745384199f7c940f1f41e1
CSeq: 1 INVITE
Contact: <sip:1002@77.66.12.140:5070>
Max-Forwards: 70
Allow: INVITE, ACK, CANCEL, BYE
User-Agent: sipcli/v1.8
Content-Type: application/sdp
Content-Length: 280

v=0
o=sipcli-Session 543029397 1353721986 IN IP4 77.66.12.140
s=sipcli
c=IN IP4 77.66.12.140
t=0 0
m=audio 5072 RTP/AVP 18 0 8 101
a=fmtp:101 0-15
a=rtpmap:18 G729/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=ptime:20
a=sendrecv

Nov 12 04:37:47 UC320W user.debug voice:

Nov 12 04:37:47 UC320W user.debug voice: [9]->77.66.12.140:5070(363)

Nov 12 04:37:47 UC320W user.debug voice: SIP/2.0 100 Trying
To: 0041215085034<sip:0041215085034@X.X.X.X>
From: 1002<sip:1002@X.X.X.X>;tag=4f56334e
Call-ID: e7e00f8ce7745384199f7c940f1f41e1
CSeq: 1 INVITE
Via: SIP/2.0/UDP 77.66.12.140:5070;branch=z9hG4bK-e7e00f8ce7745384199f7c940f1f41e1
Server: Cisco/UC320W-2.3.3(4)
Allow-Events: talk, hold, conference, x-spa-cti
Content-Length: 0

Ended up dumping UC320W for freepbx - endpoint manager is pretty ordinary but compared to the UC limitations I can live with it
