Jun 5, 2013

May 2013: two Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:

  • Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
  • Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software

Cisco TelePresence Supervisor MSE 8050 Denial of Service Vulnerability
Cisco TelePresence Supervisor MSE 8050 contains a vulnerability that may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.

Vulnerable Products
Cisco TelePresence Supervisor MSE 8050 systems running software versions 2.2(1.17) and earlier are affected by this vulnerability.

Details
A vulnerability in the network stack of the Cisco TelePresence MSE 8050 Supervisor could allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system. The vulnerability is due to improper handling and processing of TCP connection requests sent at a high rate. An attacker could exploit this vulnerability by sending a sequence of TCP segments at a high rate to the management IP address of the affected system. A full TCP three-way handshake is required to exploit this vulnerability. An exploit could allow the attacker to cause high CPU utilization, which may trigger a reload of the affected system and cause a denial of service condition.
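Because the attack needs completed handshakes aimed at the management address, it shows up in connection logs as a burst of established sessions from one source. The sketch below is an added example, not part of the advisory or of any Cisco tooling; the log line format, the addresses (documentation ranges) and the window and threshold values are assumptions to be tuned to the local baseline.

```python
from collections import defaultdict, deque

MGMT_IP = "192.0.2.10"   # assumption: management address of the Supervisor
WINDOW_S = 10            # assumption: sliding window length in seconds
THRESHOLD = 5            # assumption: above normal admin/monitoring traffic

def parse(line):
    """'<epoch> <src> <dst> <dport> <state>' -> tuple, or None if malformed."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return float(parts[0]), parts[1], parts[2], int(parts[3]), parts[4]
    except ValueError:
        return None

def handshake_bursts(lines, mgmt_ip=MGMT_IP, window=WINDOW_S, threshold=THRESHOLD):
    """Return {src: peak count} for sources with more than `threshold`
    completed handshakes to mgmt_ip inside any `window`-second span.
    Records are expected in time order per source."""
    recent = defaultdict(deque)
    peaks = {}
    for rec in filter(None, map(parse, lines)):
        ts, src, dst, _dport, state = rec
        # A full three-way handshake is required, so half-open
        # connections (bare SYNs) are not counted.
        if dst != mgmt_ip or state != "ESTABLISHED":
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) > threshold:
            peaks[src] = max(peaks.get(src, 0), len(q))
    return peaks

# Constructed sample records: one bursty source, one normal admin host,
# one source that never completes a handshake, one malformed line.
SAMPLE = (
    [f"{1000 + i * 0.5} 198.51.100.7 192.0.2.10 443 ESTABLISHED" for i in range(12)]
    + [f"{1000 + i * 30} 203.0.113.5 192.0.2.10 22 ESTABLISHED" for i in range(4)]
    + [f"{1000 + i * 0.1} 203.0.113.9 192.0.2.10 80 SYN_SENT" for i in range(50)]
    + ["garbage line"]
)

if __name__ == "__main__":
    print(handshake_bursts(SAMPLE))
```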

Impact
Successful exploitation of the vulnerability may allow an unauthenticated, remote attacker to cause high CPU utilization and a reload of the affected system.

Link: http://tools.cisco.com/…/cisco-sa-20130515-mse

Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software
Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

Vulnerable Products
Cisco Unified CVP Software versions prior to 9.0.1 ES 11 are vulnerable.
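To check an inventory against the two "Vulnerable Products" statements on this page, the version strings have to be parsed before they can be compared. The following is an added example, not code from Cisco or from the advisories; the host names and product keys are hypothetical, the inventory rows are constructed, and it assumes version components compare numerically left to right and that a CVP release without an ES suffix counts as ES 0.

```python
import re

# Boundaries taken from the advisories summarised on this page.
TP_LAST_AFFECTED = (2, 2, 1, 17)     # MSE 8050: 2.2(1.17) and earlier
CVP_FIRST_UNAFFECTED = (9, 0, 1, 11)  # Unified CVP: prior to 9.0.1 ES 11

def parse_telepresence(v):
    """'2.2(1.17)' -> (2, 2, 1, 17); None if the string has another shape."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\((\d+)\.(\d+)\)\s*", v)
    return tuple(map(int, m.groups())) if m else None

def parse_cvp(v):
    """'9.0.1 ES 11' -> (9, 0, 1, 11). A release with no ES suffix is
    treated as ES 0 (assumption). None if the string has another shape."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)(?:\s+ES\s*(\d+))?\s*", v, re.IGNORECASE)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())

def triage(product, version):
    """Return 'affected', 'not affected' or 'review' (unparseable input)."""
    if product == "mse8050":
        parsed = parse_telepresence(version)
        affected = parsed is not None and parsed <= TP_LAST_AFFECTED
    elif product == "cvp":
        parsed = parse_cvp(version)
        affected = parsed is not None and parsed < CVP_FIRST_UNAFFECTED
    else:
        parsed, affected = None, False
    if parsed is None:
        return "review"  # never guess: send unknown formats to a human
    return "affected" if affected else "not affected"

# Constructed inventory rows: (hostname, product key, reported version).
INVENTORY = [
    ("tp-sup-01", "mse8050", "2.2(1.17)"),
    ("tp-sup-02", "mse8050", "2.3(1.31)"),
    ("cvp-01", "cvp", "9.0.1 ES 4"),
    ("cvp-02", "cvp", "9.0.1 ES 11"),
    ("cvp-03", "cvp", "8.5.1"),
    ("cvp-04", "cvp", "9.0(1)"),
]

def report(inventory=INVENTORY):
    return {host: triage(prod, ver) for host, prod, ver in inventory}

if __name__ == "__main__":
    print(report())
```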

Details

  • Cisco Unified Customer Voice Portal Software SIP INVITE Packet Vulnerability: A malformed SIP INVITE vulnerability in the CallServer component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to cause the system to not accept new calls. The vulnerability is due to improper processing of malformed SIP INVITE packets. An attacker could exploit this vulnerability by sending malformed SIP INVITE packets to a Cisco Unified CVP server.
  • Cisco Unified Customer Voice Portal Software Tomcat Web Application Vulnerability: A Tomcat web application vulnerability in the Tomcat Web Management component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to escalate privileges and gain administrator access. The vulnerability is due to improper configuration of Tomcat components.
  • Cisco Unified Customer Voice Portal Software Tomcat Configuration Vulnerability: A Tomcat web application vulnerability in the Tomcat Web Management component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to execute unauthorized user-supplied web applications. The vulnerability is due to improper configuration of Tomcat components.
  • Cisco Unified Customer Voice Portal Software File Access Vulnerability: A file access vulnerability in the log viewer of the Cisco Unified CVP could allow an unauthenticated, remote attacker to view arbitrary system files. The vulnerability is due to an incorrect parameter check. An attacker could exploit this vulnerability by sending a crafted request to the log viewer.
  • Cisco Unified Customer Voice Portal Software Path Traversal Vulnerability: A path traversal vulnerability in the Resource Manager component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to overwrite system files. The vulnerability is due to an incorrect parameter check. An attacker could exploit this vulnerability by sending a crafted request to the Resource Manager.
  • Cisco Unified Customer Voice Portal Software XML Entity Expansion Vulnerability: A file access vulnerability in the Cisco Unified CVP could allow an unauthenticated, remote attacker to view arbitrary system files. The vulnerability is due to a missing check for XML entity expansion. An attacker could exploit this vulnerability by sending a crafted request to the Resource Manager.

Impact
Successful exploitation of these vulnerabilities may have various impacts.

  • Successful exploitation of the Cisco Unified Customer Voice Portal Software SIP INVITE Packet Vulnerability documented in Cisco Bug ID CSCua65148 (registered customers only) could allow an unauthenticated, remote attacker to cause the system to not accept new calls.
  • Successful exploitation of the Cisco Unified Customer Voice Portal Software Tomcat Web Application Vulnerability documented in Cisco Bug ID CSCub38384 (registered customers only) could allow an unauthenticated, remote attacker to escalate privileges and gain administrator access.
  • Successful exploitation of the Cisco Unified Customer Voice Portal Software Tomcat Configuration Vulnerability documented in Cisco Bug ID CSCub38379 (registered customers only) could allow an unauthenticated, remote attacker to execute unauthorized user-supplied web applications.
  • Successful exploitation of the Cisco Unified Customer Voice Portal Software File Access Vulnerability documented in Cisco Bug ID CSCub38372 (registered customers only) could allow an unauthenticated, remote attacker to view arbitrary system files.
  • Successful exploitation of the Cisco Unified Customer Voice Portal Software Path Traversal Vulnerability documented in Cisco Bug ID CSCub38369 (registered customers only) could allow an unauthenticated, remote attacker to overwrite system files.
  • Successful exploitation of the Cisco Unified Customer Voice Portal Software XML Entity Expansion Vulnerability documented in Cisco Bug ID CSCub38366 (registered customers only) could allow an unauthenticated, remote attacker to view arbitrary system files.

Link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp