- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Cisco Unified Communications Manager CAPF Denial of Service Vulnerability
------------------------------------------------------------------------
SUMMARY
Cisco Unified Communications Manager, formerly Cisco CallManager, contains
a denial of service (DoS) vulnerability in the Certificate Authority Proxy
Function (CAPF) service. Exploitation of this vulnerability could cause an
interruption in voice services. The CAPF service is disabled by default.
DETAILS
Vulnerable Systems:
* Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
* Cisco Unified Communications Manager 6.x versions prior to 6.1(3)
Immune Systems:
* Cisco Unified Communications Manager version 4.x
The CAPF service of Cisco Unified Communications Manager versions 5.x and
6.x contain a vulnerability when handling malformed input that may result
in a DoS condition. The CAPF service is disabled by default; however, if
it is enabled, the CAPF service listens by default on TCP port 3804 and
the listening port is configurable by the user. There is a workaround for
this vulnerability. This vulnerability is fixed in Cisco Unified
Communications Manager versions 5.1(3e) and 6.1(3). This vulnerability is
documented in Cisco Bug ID CSCsq32032 and has been assigned Common
Vulnerabilities and Exposures (CVE) identifier CVE-2009-0057.
Impact:
Successful exploitation of the vulnerability described in this advisory
may result in the interruption of voice services.
Workarounds:
To mitigate against this vulnerability, system administrators can disable
the CAPF service if it is not necessary for business operations. Access to
the CAPF service is only required if Cisco Unified Communications Manager
systems and IP phone devices are configured to use certificates for a
secure deployment. If phones are not configured to use certificates, then
the CAPF service can be disabled. The CAPF service is controlled by the
Cisco Certificate Authority Proxy Function menu selection.
It is possible to mitigate the CAPF vulnerability by implementing
filtering on screening devices if the CAPF service is required. If the
CAPF service is enabled, allow access to TCP port 3804 only from networks
that contain IP phone devices that require the CAPF service. The CAPF port
is user configurable, and if modified, filtering on screening devices
should be based on the TCP port that is used.
For Cisco Unified Communications Manager 5.x and 6.x systems, please
consult the following documentation for details on how to disable Cisco
Unified Communications Manager services:
<http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/5_0_1/ccmsrva/sasrvact.html#wp1048220> http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/5_0_1/ccmsrva/sasrvact.html#wp1048220
Additional mitigation techniques that can be deployed on Cisco devices
within the network are available in the Cisco Applied Mitigation Bulletin
companion document for this advisory:
<http://www.cisco.com/warp/public/707/cisco-amb-20090121-cucmcapf.shtml>
http://www.cisco.com/warp/public/707/cisco-amb-20090121-cucmcapf.shtml
ADDITIONAL INFORMATION
The information has been provided by <mailto:psirt@cisco.com> Cisco
Systems Product Security Incident Response Team.
The original article can be found at:
<http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml>
http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment