Oct
20
2009

Cisco Unified Presence Denial of Service Vulnerabilities

On Octobert 14, 2009, the The Cisco Product Security Incident Response Team (PSIRT) has published one important vulnerability advisories: Cisco Unified Presence Denial of Service Vulnerabilities.

Cisco Unified Presence contains two denial of service (DoS) vulnerabilities that may cause an interruption to presence services. These vulnerabilities were discovered internally by Cisco, and there are no workarounds.

Vulnerable Products
The following products are affected:

  • Cisco Unified Presence 1.x versions
  • Cisco Unified Presence 6.x versions prior to 6.0(6)
  • Cisco Unified Presence 7.x versions prior to 7.0(4)

Administrators of systems running Cisco Unified Presence can determine the software version by viewing the main page of the Cisco Unified Presence Administration interface. The software version can be determined by running the command show version active via the Command Line Interface (CLI).

Details

  • Network Flooding Vulnerability: Cisco Unified Presence contains a denial of service (DoS) vulnerability that may cause the TimesTenD process to fail when TCP ports 16200 or 22794 are flooded with connections. TCP 3-way handshakes must be completed for the attack to be successful. The TimesTenD process will be automatically restarted upon failure. This vulnerability is documented in Cisco Bug ID CSCsy17662 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2874.
  • Network Connection Tracking Vulnerability: Cisco Unified Presence contains a DoS vulnerability that involves the tracking of network connections by the embedded firewall. An attacker can overwhelm the table that is used to track network connections and prevent new connections from being established to system services by establishing many TCP connections with a vulnerable system. Any service that listens to a TCP port on a vulnerable system could be affected by this vulnerability. This vulnerability is documented in Cisco Bug ID CSCsw52371 and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2009-2052.

Impact
Successful exploitation of any of the vulnerabilities may result in the interruption of presence services.

Link: http://www.cisco.com/…/products_security_advisory09186a0080afc930.shtml