Cisco Unified Communications Manager Denial of Service Vulnerabilities

Summary

Cisco Unified Communications Manager contains two denial of service vulnerabilities that affect the processing of Session Initiation Protocol (SIP) messages.

Credit:

The original article can be found at: http://www.cisco.com/warp/public/707/cisco-sa-20100825-cucm.shtml


Details

Vulnerable Systems:
 * Cisco Unified Communications Manager 6.x
 * Cisco Unified Communications Manager 7.x
 * Cisco Unified Communications Manager 8.x

Immune Systems:
 * Cisco Unified Communications Manager version 4.x (not affected by either vulnerability)
 * For CVE-2010-2837: Cisco Unified Communications Manager versions 6.1(5)SU1, 7.0(2a)SU3, 7.1(3b)SU2, 7.1(5) and 8.0(1).
 * For CVE-2010-2838: Cisco Unified Communications Manager versions 7.0(2a)SU3, 7.1(5) and 8.0(3); 6.x is not affected by this vulnerability.

Cisco Unified Communications Manager contains two DoS vulnerabilities that involve the processing of SIP messages. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, which could result in the disruption of voice services. All SIP ports (TCP ports 5060 and 5061, UDP ports 5060 and 5061) are affected.

The first SIP DoS vulnerability is documented in Cisco bug ID CSCtd17310 and has been assigned the CVE identifier CVE-2010-2837. This vulnerability is fixed in Cisco Unified Communications Manager versions 6.1(5)SU1, 7.0(2a)SU3, 7.1(3b)SU2, 7.1(5) and 8.0(1). Cisco Unified Communications Manager version 4.x is not affected.

The second SIP DoS vulnerability is documented in Cisco bug ID CSCtf66305 and has been assigned the CVE identifier CVE-2010-2838. The second vulnerability is fixed in Cisco Unified Communications Manager versions 7.0(2a)SU3, 7.1(5) and 8.0(3). Cisco Unified Communications Manager versions 4.x and 6.x are not affected.

Workaround:
There are no workarounds for the vulnerabilities described in this advisory.

It is possible to mitigate these vulnerabilities by implementing filtering on screening devices and permitting access to TCP ports 5060 and 5061 and to UDP ports 5060 and 5061 only from networks that require SIP access to Cisco Unified Communications Manager servers. If Cisco Unified Communications Manager does not need to provide SIP services on the standard ports, administrators can configure it to listen for SIP messages on non-standard ports. Note that moving the ports only reduces exposure to untargeted scanning; the vulnerable code is still reachable on the new ports, so the filtering described above should still be applied and SIP endpoints must be reconfigured to use the new ports. Use the following instructions to change the ports from their default values:

Step 1: Log into the Cisco Unified Communications Manager Administration web interface.
Step 2: Navigate to System > Cisco Unified CM and locate the appropriate Cisco Unified Communications Manager.
Step 3: Change the SIP Phone Port and SIP Phone Secure Port fields to a non-standard port and click Save.

The SIP Phone Port, which is set to 5060 by default, refers to the TCP and UDP ports on which the Cisco Unified Communications Manager listens for normal SIP messages. SIP Phone Secure Port, which is set to 5061 by default, refers to the TCP port on which the Cisco Unified Communications Manager listens for SIP over Transport Layer Security (TLS) messages.
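The screening policy described above, expressed as an added example in Python (this is not code from the Cisco advisory or from Cisco): it takes the networks that legitimately need SIP access, decides ACCEPT/DROP for a given source address, protocol and destination port on the four affected SIP ports (TCP and UDP 5060 and 5061 by default, or whatever non-standard ports were configured in the steps above), and renders the same policy as iptables rules for a Linux screening host. The function names, the `SipScreeningPolicy` class, the sample networks and the Cisco Unified Communications Manager address are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Default listening ports named in the advisory: the SIP Phone Port (5060,
# TCP and UDP) and the SIP Phone Secure Port (5061, SIP over TLS). The
# advisory lists all four TCP/UDP combinations as affected, so both
# protocols are screened on both ports.
DEFAULT_SIP_PORT = 5060
DEFAULT_SIP_SECURE_PORT = 5061


@dataclass(frozen=True)
class SipScreeningPolicy:
    """Networks allowed to reach the CUCM SIP listeners, and which ports those are."""
    trusted_networks: tuple  # parsed ipaddress network objects
    sip_port: int = DEFAULT_SIP_PORT
    sip_secure_port: int = DEFAULT_SIP_SECURE_PORT

    def sip_ports(self):
        """(protocol, port) pairs the policy screens, in a stable order."""
        return sorted({(proto, port)
                       for proto in ("tcp", "udp")
                       for port in (self.sip_port, self.sip_secure_port)})


def build_policy(trusted_cidrs, sip_port=DEFAULT_SIP_PORT,
                 sip_secure_port=DEFAULT_SIP_SECURE_PORT) -> SipScreeningPolicy:
    """Parse CIDR strings once so every decision is a cheap membership test."""
    nets = tuple(ipaddress.ip_network(c, strict=False) for c in trusted_cidrs)
    return SipScreeningPolicy(nets, sip_port, sip_secure_port)


def decide(policy: SipScreeningPolicy, src_ip: str, proto: str, dst_port: int) -> str:
    """Return ACCEPT, DROP, or PASS (not a screened SIP port: left to other rules)."""
    if (proto.lower(), dst_port) not in policy.sip_ports():
        return "PASS"
    src = ipaddress.ip_address(src_ip)
    return "ACCEPT" if any(src in net for net in policy.trusted_networks) else "DROP"


def iptables_rules(policy: SipScreeningPolicy, cucm_ip: str):
    """Render the policy as iptables FORWARD rules for a Linux screening host.

    Per SIP port: one ACCEPT per trusted network, then a catch-all DROP, so
    anything not explicitly trusted never reaches the SIP listener.
    """
    rules = []
    for proto, port in policy.sip_ports():
        for net in policy.trusted_networks:
            rules.append(f"iptables -A FORWARD -p {proto} -s {net} -d {cucm_ip} "
                         f"--dport {port} -j ACCEPT")
        rules.append(f"iptables -A FORWARD -p {proto} -d {cucm_ip} --dport {port} -j DROP")
    return rules


if __name__ == "__main__":
    # Constructed sample: two trusted voice VLANs and one CUCM node address.
    policy = build_policy(["10.10.0.0/16", "192.168.5.0/24"])
    print(decide(policy, "10.10.3.7", "udp", 5060))      # ACCEPT
    print(decide(policy, "203.0.113.9", "tcp", 5061))    # DROP
    print(decide(policy, "203.0.113.9", "tcp", 443))     # PASS
    for rule in iptables_rules(policy, "10.10.1.10"):
        print(rule)
```

If the SIP ports were moved as described in the steps above, build the policy with the new values (for example `build_policy([...], sip_port=5070, sip_secure_port=5071)`) so the screening follows the listener rather than the default ports; the rules are ordered ACCEPT-before-DROP per port so that a source outside every trusted network is dropped rather than falling through to a permissive default.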

CVE Information:
CVE-2010-2837
CVE-2010-2838

Disclosure Timeline:
2010-August-25 Initial public release.

Categories: News