SecuriTeam"! - Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities
CiscoのUnified Communications ManagerにDoSを受ける脆弱性と認証を回避できる脆弱性が存在するそうです。
Details:
Cisco Unified Communications Manager (CUCM) is the call processing component of the Cisco IP Telephony solution that extends enterprise telephony features and functions to packet telephony network devices, such as IP phones, media processing devices, VoIP gateways, and multimedia applications.
Computer Telephony Integration Manager Related Vulnerability
The Computer Telephony Integration (CTI) Manager service of CUCM versions 5.x and 6.x contains a vulnerability when handling malformed input that may result in a DoS condition. The CTI Manager service listens by default on TCP port 2748 and is not user-configurable. There is no workaround for this vulnerability. This vulnerability is fixed in CUCM versions 5.1(3c) and 6.1(2). This vulnerability is documented in Cisco Bug ID CSCso75027.
CVE Information:
CVE-2008-2061Cisco Unified Communications Manager Denial of Service and Authentication Bypass VulnerabilitiesReal-Time Information Server Data Collector Related Vulnerability
The Real-Time Information Server (RIS) Data Collector service of CUCM versions 4.x, 5.x, and 6.x contains an authentication bypass vulnerability that may result in the unauthorized disclosure of certain CUCM cluster information. In normal operation, Real-Time Monitoring Tool (RTMT) clients gather CUCM cluster statistics by authenticating to a Simple Object Access Protocol (SOAP) based web interface. The SOAP interface proxies authenticated connections to the RIS Data Collector process. The RIS Data Collector service listens on TCP port 2556 by default and is user configurable. By connecting directly to the port that the RIS Data Collector process listens on, it may be possible to bypass authentication checks and gain read-only access to information about a CUCM cluster. The information available includes performance statistics, user names, and configured IP phones. This information may be used to mount further attacks. No passwords or other sensitive CUCM configuration may be obtained via this vulnerability. No CUCM configuration changes can be made.
There is no workaround for this vulnerability. This vulnerability is fixed in CUCM versions 4.2(3)SR4, 4.3(2)SR1, 5.1(3), and 6.1(1). For CUCM 4.x versions, this vulnerability is documented in Cisco Bug ID CSCsq35151 and has been assigned CVE identifier CVE-2008-2062. For CUCM 5.x and 6.x versions, this vulnerability is documented in Cisco Bug ID CSCsj90843
CVE Information:
CVE-2008-2730
