1
2010
June 2010: two Cisco vulnerabilities
The The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:
- Vulnerabilities in Cisco Unified Contact Center Express
- Cisco Application Extension Platform Privilege Escalation Vulnerability
Vulnerabilities in Cisco Unified Contact Center Express
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other. Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.
Vulnerable Products
The vulnerabilities described in this document affect the following products:
- Cisco UCCX versions 5.x, 6.x, and 7.x
- Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and 7.x
- Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) versions 5.x, 6.x, and 7.x
Details
Denial of Service Vulnerability: A DoS vulnerability exists in the computer telephony integration (CTI) server component of the Cisco UCCX product. The CTI server is only started when the Integrated Call Distribution (ICD) license is enabled, Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) deployments are not affected by the CTI server DoS vulnerability. The CTI server listens by default on TCP port 42027, although the port number can be changed in the System Port Parameters screen. This vulnerability is triggered by malformed CTI messages addressed to the vulnerable systems that could cause the CTI server and the Cisco Unified CCX Node Manager to fail, and all active agents will be logged out. The DoS condition will be temporal and the Cisco UCCX system will become operational again once the node manager and the CTI server complete their automatic restart.
Directory Traversal Vulnerability: A directory traversal vulnerability exists in the bootstrap service of the Cisco UCCX product that allows read access to any file on the system. This vulnerability is triggered by bootstrap messages addressed to TCP port 6295. The bootstrap service is used to keep the UCCX configuration synchronized across servers in a high-availability deployment model. All deployment modes can be affected, such as ICD, ICM and IP-IVR, but only if a second node has been added to the configuration. (Nodes can be listed using the Cisco UCCX Administration Web interface with the Server option in the System pull-down taskbar). A high-availability license is not required for a system to be vulnerable.
Impact
Successful exploitation of the Cisco UCCX CTI server DoS vulnerability will cause the agents to logout, and the Cisco UCCX server will be temporarily unavailable to agents until the node manager service and CTI server complete their automatic restart. Repeated attempts to exploit this vulnerability could result in a sustained DoS condition. Successful exploitation of the Cisco UCCX bootstrap service directory traversal vulnerability enables an unauthenticated attacker to read any file on the system.
Link: http://www.cisco.com/…/security_advisory09186a0080b2f110.shtml
Cisco Application Extension Platform Privilege Escalation Vulnerability
The Cisco Application Extension Platform contains a privilege escalation vulnerability in the tech support diagnostic shell that may allow an authenticated user to obtain administrative access to a vulnerable Cisco Application Extension Platform module. Cisco has released free software updates that address this vulnerability. There is no workaround for this vulnerability.
Vulnerable Products
The following products are affected by this vulnerability:
- Cisco Application Extension Platform version 1.1
- Cisco Application Extension Platform version 1.1.5 if upgraded from version 1.1
Details
The Cisco Application Extension Platform (AXP) allows third-party applications to be hosted on Cisco Integrated Services Routers (ISR). A privilege escalation vulnerability exists in command-line interface of the the tech support diagnostic shell that may allow an authenticated user to obtain complete administrative access to vulnerable Cisco AXP module. The tech support shell is accessed using the techsupport support shell command. Authenticated Cisco AXP users can use an application programming interface (API) to execute commands on the Cisco ISR that is hosting the AXP module. It may be possible for an AXP user to obtain sensitive configuration information that allows the user to gain access to the ISR device. Cisco AXP version 1.5 requires that a user be configured in the ISR configuration before the AXP user can execute commands using the API.
Impact
Successful exploitation of the vulnerability may allow an authenticated user to obtain complete administrative access to a vulnerable Cisco Application Extension Platform module.
Link: http://www.cisco.com/…/security_advisory09186a0080b3290b.shtml
Related Posts
- Google Releases Google Chrome 27.0.1453.93 http://t.co/N8BnqjGWvl
- Senior Executives Say Cloud-Based Collaboration Leads to Higher Business Performance http://t.co/mG2W0O7z88
- Telefonica and Cisco Complete 4,000 kilometer 100Gbps IPoDWDM Trial http://t.co/7c0uqzH6bG
Email Updates
Archives
- May 2013
- April 2013
- March 2013
- February 2013
- December 2012
- November 2012
- October 2012
- September 2012
- August 2012
- July 2012
- June 2012
- May 2012
- April 2012
- March 2012
- February 2012
- December 2011
- November 2011
- October 2011
- September 2011
- August 2011
- July 2011
- June 2011
- May 2011
- April 2011
- March 2011
- February 2011
- January 2011
- December 2010
- November 2010
- October 2010
- September 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008