Critical hole in Cisco products
Cisco has reported a security hole in its "Unified Communications" product series which allows attackers to gain control of a system. The vulnerability is said to be located in the "Disaster Recovery Framework". Without giving further details, Cisco reports that the vulnerability allows unauthenticated attackers to connect to the DRF Master server listening on port 4040 and to manipulate or delete backups, copy backups onto a remote server, restore configurations or execute arbitrary system commands at admin privilege level.
The following products are affected:
- Cisco Unified Communications Manager (CUCM) 5.x and 6.x
- Cisco Unified Communications Manager Business Edition
- Cisco Unified Presence 1.x and 6.x
- Cisco Emergency Responder 2.x
- Cisco Mobility Manager 2.x
Cisco Unified Communications Manager versions 3.x and 4.x are not affected.
Cisco has released updates to resolve the problem. As a workaround the vendor suggests the DRF Master be disabled. However, this will prevent further backups being created. As an alternative, access to port 4040 can be restricted. In addition to the advisory, Cisco has published a bulletin called "Identifying and Mitigating Exploitation of the Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability" that offers further assistance.
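Whether the port 4040 restriction actually holds can be checked against firewall or flow logs. The following is an added example, not taken from the article or from Cisco's bulletin; the CSV log format, all addresses and the function name `audit_drf_flows` are assumptions constructed for illustration.

```python
import csv
import ipaddress

DRF_PORT = 4040  # DRF Master listener port named in the advisory

# Constructed sample flow records (not real traffic), assumed format:
# timestamp,src_ip,dst_ip,dst_port,proto,action
SAMPLE_FLOWS = """\
2000-01-01T10:00:01,10.10.5.20,10.10.1.10,4040,tcp,permit
2000-01-01T10:00:07,192.0.2.44,10.10.1.10,4040,tcp,permit
2000-01-01T10:01:13,198.51.100.9,10.10.1.10,4040,tcp,deny
2000-01-01T10:02:40,192.0.2.44,10.10.1.10,443,tcp,permit
2000-01-01T10:03:02,192.0.2.44,10.10.9.9,4040,tcp,permit
"""

def audit_drf_flows(flow_text, drf_masters, allowed_sources):
    """Return (violations, blocked) for TCP/4040 flows to DRF Master hosts.

    violations: permitted flows from sources outside the allowlist
    blocked:    denied attempts from such sources (the restriction works)
    """
    masters = {ipaddress.ip_address(h) for h in drf_masters}
    allowed = [ipaddress.ip_network(n) for n in allowed_sources]
    violations, blocked = [], []
    fields = ["ts", "src", "dst", "port", "proto", "action"]
    for row in csv.DictReader(flow_text.splitlines(), fieldnames=fields):
        # Only TCP traffic to the DRF port is relevant here.
        if row["proto"].lower() != "tcp" or int(row["port"]) != DRF_PORT:
            continue
        # Ignore hosts that are not DRF Master servers.
        if ipaddress.ip_address(row["dst"]) not in masters:
            continue
        src = ipaddress.ip_address(row["src"])
        if any(src in net for net in allowed):
            continue  # expected backup/admin traffic
        (violations if row["action"] == "permit" else blocked).append(row)
    return violations, blocked

if __name__ == "__main__":
    # Assumed inventory: one DRF Master, one authorised management subnet.
    bad, denied = audit_drf_flows(SAMPLE_FLOWS, ["10.10.1.10"], ["10.10.5.0/24"])
    for r in bad:
        print("UNRESTRICTED", r["ts"], r["src"], "->", r["dst"])
    for r in denied:
        print("blocked", r["ts"], r["src"], "->", r["dst"])
```

Any entry in the first list means a host outside the authorised range reached the DRF Master on port 4040, so the access restriction is missing or incomplete on that path.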
- Cisco Unified Communications Disaster Recovery Framework Command Execution Vulnerability, Cisco security advisory.