Cisco product flaws affect VoIP gear, routers

A triad of Cisco product vulnerabilities could cause problems for users of the company’s IP PBXs and certain routers, Cisco warned this week.

One vulnerability affecting Cisco CallManagers could leave the IP PBX servers open to denial-of-service attacks, potentially shutting down phone service inside an organization using Cisco CallManagers.

Cisco says the DoS vulnerability exists because CallManager servers do not time out TCP connections on certain ports fast enough. This could cause overuse of CPU and memory resources on the server and lead to a crash or reboot and IP phones not responding with dial tone, the company says.

Vulnerable versions of CallManager are 3.2, 3.3, 4.0 and 4.1. Theses versions “do not manage TCP connections and Windows messages aggressively,” says a Cisco bulletin warning of the vulnerabilities.

Since such an attack would require network access to CallManagers, which are typically deployed behind a firewall, an external DoS attack on the IP PBX is less likely.

Another vulnerability warning sent to customers this week involves the Multi Level Administrator service on CallManager servers. Administrative users without read-write administrator-level access to the CallManager could bump up their privileges by sending a “crafted URL” to the CallManager administrator Web page on the server. This vulnerability affects the same CallManager versions as the DoS issue, Cisco says.

Software fixes for both CallManager vulnerabilities are available.

The third bulletin from Cisco this week warns of a problem in the vendor’s IOS router software that could result in a remotely executed DoS attack on Cisco gear. The problem is with the Cisco IOS Stack Group Bidding Protocol (SGBP), which is used on routers that aggregate multiple Point-to-Point Protocol (PPP) connections. When aggregating multiple PPP links, known as Multilink PPP, the SGBP is used by devices connected via Multilink PPP to identify each other.

Cisco says that if a specially crafted UDP packet is sent to port 9900 on an affected router (i.e., a device running Multilink PPP and SGBP) the device could freeze. Cisco has issued a software fix for the problem.

Short of upgrading IOS software, users can also set up an access control list to block untrusted access to a router via SGBP, Cisco says.

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies