In association with heise online

29 March 2007, 13:32

Cisco patches holes in IP telephony software

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco has reported several vulnerabilities with its IP telephony products which could result in functionality failures. The components affected are Cisco Unified CallManager (CUCM), and Cisco Unified Presence Server (CUPS). Skinny Call Control Protocol (SCCP) processing services may be crashed by sending a series of specially-crafted packets; Secure SCCP (SCCPS) is also affected by this problem. The bug can be found in CUCM 3.x, 4.x, and 5.0; CUPS is not affected. However, both CUCM and CUPS systems can be caused to fail by a large number of PING packets. Only CUCM version 5.0 and CUPS 1.0 appear vulnerable.

In addition, a bug in IPSec Manager causes the service to crash when a specific UDP packet is sent to port 8500. This will impact call forwarding, but according to Cisco doesn't affect normal telephone operation. CUCM 5.0 and CUPS 1.0 are vulnerable. Updates have been made available for all these vulnerabilities. There is no workaround solution although it may help to filter system accesses.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit