19 October 2007, 11:34

Security vulnerabilities in Cisco hardware and software products

Network equipment supplier Cisco has fixed serious vulnerabilities in multiple hardware and software products. The list of updated products includes the PIX and ASA Security Appliances, Unified Call / Communications Manager (CUCM), Unified Intelligent Contact Management Enterprise (Unified ICME), Unified ICM Hosted (Unified ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH) and System Unified Contact Center Enterprise (SUCCE).

A vulnerability in TFTP File Locator, part of the Unified Communications Manager (formerly CallManager) is particularly critical, as it may allow an attacker to remotely inject arbitrary malicious code. TFTP File Locator is, however, deactivated by default.

Most of the vulnerabilities allow an attacker to force vulnerable systems to reboot by using crafted network packets . By inflicting repeated attacks, it is also possible to disable systems for extended periods. This primarily affects the PIX and ASA series Security Appliances, but the bug is also present in the Firewall Service Module (FWSM). It may be exploited by delivering manipulated TLS and MGCP (Media Gateway Control Protocol) packets to the systems, hence only configurations in which a TLS based module or the MGCP inspector are activated are vulnerable. In addition, Cisco Unified Communications Manager can be caused to crash using crafted SIP INVITE queries.

The Web View and Web Admin web-based monitoring and control modules also contain a vulnerability which attackers with an account in a connected Windows Active Directory may be able to obtain unauthorised access to the services. Web View is part of the Contact Manager and Contact Center product series. The Web Admin module is only available in Unified Contact Center Enterprise.

Details of the versions affected and patches available are given in the Cisco advisories. The patches can only be downloaded by Cisco customers with access to the support websites.