As expected, Cisco Security on Wednesday announced software updates to fix two holes in its VoIP prodcuts. The Cisco 
Unified Communications Manager (CUCM), formerly Cisco CallManager, contains a vulnerability in the Computer Telephony Integration (CTI) Manager service that may allow a denial-of-service attack. Also, Cisco's Real-Time Information Server (RIS) Data Collector contains an authentication bypass hole that may expose information that is useful for hackers to mount other attacks. Both of these holes are fixed with software updates available now.
Specifically, CUCM hole affects versions 5.x and 6.x. Malicious input my result in a DoS attack: Cisco says:
The CTI Manager service listens by default on TCP port 2748 and is not user-configurable. There is no workaround for this vulnerability. This vulnerability is fixed in CUCM versions 5.1(3c) and 6.1(2). This vulnerability is documented in Cisco Bug ID CSCso75027 and has been assigned Common Vulnerabilities and Exposures (CVE) identifier CVE-2008-2061.
Meanwhile, the RIS hole affects CUCM versions 4.x, 5.x, and 6.x. It may allow hackers to discover some CUCM cluster information which could be used in other attacks. Cisco says:
In normal operation, Real-Time Monitoring Tool (RTMT) clients gather CUCM cluster statistics by authenticating to a Simple Object Access Protocol (SOAP) based web interface. The SOAP interface proxies authenticated connections to the RIS Data Collector process. The RIS Data Collector service listens on TCP port 2556 by default and is user configurable. By connecting directly to the port that the RIS Data Collector process listens on, it may be possible to bypass authentication checks and gain read-only access to information about a CUCM cluster. The information available includes performance statistics, user names, and configured IP phones. No passwords or other sensitive CUCM configuration may be obtained via this vulnerability. No CUCM configuration changes can be made.
While there is no way to workaround this hole, it is fixed in CUCM versions 4.2(3)SR4, 4.3(2)SR1, 5.1(3), and 6.1(1).
More from Cisco Subnet:
More Cisco Security advisories and patches
Nexus vs. Catalyst 6500
One or two more years before WiMAX will be hot
CCIE sentenced in Cisco SMARTnet fraud
Cisco's vision for the virtual data center
Free books, training, gift certificates -- giveaways for June from Cisco Subnet
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.
The Cisco Subnet blog is the official blog of the Network World Cisco Subnet community, managed by Editor Linda Leung. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
(WAN community)
|
|
