Skip Links

Network World

  • Social Web 
  • Email 
  • Close

(Comma separation for multiple addresses)
Your Message:

IOS glitch could leave VoIP-enabled routers vulnerable to DoS attacks

By Phil Hochmuth , NetworkWorld.com , 01/21/2005
  • Share/Email
  • Tweet This
  • Comment
  • Print

Cisco warned this week that an IOS software glitch could leave VoIP-enabled routers vulnerable to attack.

The software flaw affects only Cisco routers running IOS Telephony Services, CallManager Express or Survivable Remote Site Telephony (SRST). These services use Cisco’s Skinny Call Control Protocol (SCCP, or Skinny), which controls signaling between Cisco IP telephones and CallManager call processors. The IOS bug could allow an attacker to send malformed packets to the Skinny port on a Cisco VoIP-enabled router, Cisco says.

McAfee Total Protection for Secure Business: Download now

“Successful exploitation of the vulnerability may result in a device reload,” according to a Cisco Web advisory. “Repeated exploitation could result in a Denial of Service (DoS) attack.”

The routers running any of the three affected VoIP services must also be running IOS software release trains 12.1YD, 12.2T, 12.3 and 12.3T in order to be considered vulnerable, Cisco says.

Related Content

SRST is usually deployed on Cisco routers in branch offices that connect IP phones in the branch to a centralized CallManager IP PBX. SRST allows phones to get local dial tone and some calling features in case the WAN link back to the IP PBX fails. IOS Telephony Services also performs this feature, but CallManager Express is a module for Cisco routers which adds additional call-processing and memory power for routers, allowing them to act as self-sufficient phone systems.

Cisco says that customers whose routers have the vulnerable IOS code can obtain fixed software through Cisco or through channel partners, or they can upgrade to a higher IOS code release.

Because IOS software upgrades would require routers to come offline during the upgrade, Cisco says users can employ some workarounds until fixed code is obtained and installed. Cisco says users can set the routers to restrict Skinny protocol traffic only to locally connect IP phones. (Cisco recommends this as common practice for CallManager users; this setting is not configured by default in CallManager Express “for ease of management,” according to Cisco’s support Web site.) Cisco says users can also install access control lists to block WAN access to block port 2000, which would keep external Skinny-based traffic from accessing the device.

More information and links to software fixes are available here:
http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml

  • Share/Email
  • Tweet This
  • Comment
  • Print

Comment
Login
Forgot your account info?
Add comment
Anonymous comments subject to approval. Register here for member benefits.
Have a NetworkWorld account? Log in here. Register now for a free account.

Most Read

View more Most Read

Videos

rssRss Feed

Latest News

rssRss Feed