April 2011: two Cisco vulnerabilities
The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:
- Multiple Vulnerabilities in Cisco Unified Communications Manager
- Cisco Wireless LAN Controllers Denial of Service Vulnerability
Multiple Vulnerabilities in Cisco Unified Communications Manager
Cisco Unified Communications Manager (previously known as Cisco CallManager) contains the following vulnerabilities:
- Three denial of service (DoS) vulnerabilities that affect Session Initiation Protocol (SIP) services
- Directory transversal vulnerability
- Two SQL injection vulnerabilities
The following products are affected by at least one of the vulnerabilities that are described in this advisory:
- Cisco Unified Communications Manager 6.x
- Cisco Unified Communications Manager 7.x
- Cisco Unified Communications Manager 8.x
DoS Vulnerabilities in SIP: Cisco Unified Communications Manager contains three DoS vulnerabilities that involve the processing of SIP messages. Each vulnerability is triggered by a malformed SIP message that could cause a critical process to fail, resulting in the disruption of voice services. All SIP ports (TCP ports 5060 and 5061 and UDP ports 5060 and 5061) are affected.
Cisco Unified Communications Manager contains a vulnerability that involves the processing of POST requests. An authenticated, remote attacker with the ability to intercept a packet to the affected device could specify a different location or filename, which may result in the upload of a malicious file.
SQL Injection Vulnerabilities: Cisco Unified Communications Manager is affected by the following vulnerabilities:
- It allow an authenticated, remote attacker to modify the system configuration; create, modify and delete users; or modify the configuration of Cisco Unified Communications Manager.
- It allow an unauthenticated, remote attacker to modify system configuration; create, modify, and delete users; or modify the configuration of Cisco Unified Communications Manager.
Successful exploitation of the vulnerabilities that are described in this advisory could result in the interruption of voice services, privilege escalation and possible data modification. In the case of DoS attacks, the affect Cisco Unified Communications Manager processes will restart, but repeated attacks may result in a sustained DoS condition.
Cisco Wireless LAN Controllers Denial of Service Vulnerability
The Cisco Wireless LAN Controller (WLC) product family is affected by a denial of service (DoS) vulnerability where an unauthenticated attacker could cause a device reload by sending a series of ICMP packets.
This vulnerability affects Cisco WLC software versions 6.0 and later. The following products are affected by the vulnerability described in this Security Advisory:
- Cisco 2100 Series Wireless LAN Controllers
- Cisco WLC526 Mobility Express Controller (AIR-WLC526-K9)
- Cisco NME-AIR-WLC Modules for Integrated Services Routers (ISRs)
- Cisco NM-AIR-WLC Modules for Integrated Services Routers (ISRs)
Cisco WLCs and Cisco WiSMs are responsible for system-wide wireless LAN functions, such as security policies, intrusion prevention, RF management, quality of service (QoS), and mobility. The Cisco WLC family of devices is affected by a DoS vulnerability that can allow an unauthenticated attacker to cause the device to reload by sending a series of ICMP packets. This vulnerability can be exploited from both wired and wireless segments.
Successful exploitation of this vulnerability could cause an affected device to reload. Repeated exploitation could result in a sustained DoS condition.
Enter your email address to receive notifications of new posts.