Mar
4
2013

February 2013: four Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories:

  • Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
  • Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
  • Cisco Unified Presence Server Denial of Service Vulnerability
  • Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability

Cisco Unified Communications Manager Multiple Denial of Service Vulnerabilities
Cisco Unified Communications Manager contains two vulnerabilities that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of these vulnerabilities could cause an interruption of voice services.

Vulnerable Products
The following products are affected by the vulnerabilities that are described in this advisory:

  • Cisco Unified Communications Manager 8.6(x)
  • Cisco Unified Communications Manager 9.0(x)

Details

  • Malformed UDP Packets Denial of Service Vulnerability: Cisco Unified Communications Manager contains a DoS vulnerability that could allow an unauthenticated, remote attacker to cause an exhaustion of resources in the CPU. This vulnerability is triggered by receiving malformed packets on unused UDP ports and could result in an inability to connect to the graphical user interface (GUI) and an interruption of voice services.
  • Location Bandwidth Manager (LBM) Cache Poisoning Vulnerability: Cisco Unified Communications Manager 9.0 contains a vulnerability that could allow an unauthenticated, remote attacker to poison the Location Bandwidth Manager (LBM) transaction records.

Impact
Successful exploitation of the vulnerabilities that are described in this advisory could allow a remote attacker to trigger a memory leak or a denial of service condition resulting in the interruption of voice services.

Link: http://tools.cisco.com/…/cisco-sa-20130227-cucm

Cisco Prime Central for Hosted Collaboration Solution Assurance Excessive CPU Utilization Vulnerability
Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. Exploitation of this vulnerability could interrupt the monitoring of voice services.

Vulnerable Products
The following products are affected by the vulnerability that is described in this advisory:

  • Cisco Prime Central for HCS Assurance 8.6
  • Cisco Prime Central for HCS Assurance 9.0

Details
Malformed TLS Messages Denial of Service: Cisco Prime Central for HCS Assurance versions 8.6 and 9.0 contain a vulnerability that could allow an unauthenticated, remote attacker to cause a DoS condition by consuming excessive CPU.

Impact
Successful exploitation of this vulnerability could cause a DoS condition and deny access to legitimate services.

Link: http://tools.cisco.com/…/cisco-sa-20130227-hcs

Cisco Unified Presence Server Denial of Service Vulnerability
Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Vulnerable Products
The following products are affected by the vulnerability that is described in this advisory:

  • Cisco Unified Presence Server 8.6
  • Cisco Unified Communications Manager IM and Presence Service 9.0

Details
Denial of Service Vulnerability: Cisco Unified Presence Server (CUPS) contains a vulnerability that could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device. An attacker could exploit this issue by sending crafted packets to a Session Initiation Protocol (SIP) port (TCP port 5060) resulting in an increase in CPU utilization that could lead to a disruption of services.

Impact
Successful exploitation of the vulnerability may cause high CPU utilization that may lead to a DoS condition.

Link: http://tools.cisco.com/…/cisco-sa-20130227-cups

Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.

Vulnerable Products
The Cisco ATA 187 Analog Telephone Adaptor is affected by this vulnerability when it is running firmware version 9.2.1.0 or 9.2.3.1.

Details
The vulnerability is due to improper validation of authentication on TCP port 7870 and improper authorization of commands within the operating system. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands.

Impact
Successful exploitation of the vulnerability may cause a denial of service condition or allow the execution of operating system commands on the device.

Link: http://tools.cisco.com/…/cisco-sa-20130206-ata187

Summary
Article Name
February 2013: four Cisco vulnerabilities
Description
February 2013: The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories.
Author