Jun
4
2010

May 2010: two Cisco vulnerabilities

The The Cisco Product Security Incident Response Team (PSIRT) has published two important vulnerability advisories:

  • Multiple Vulnerabilities in Cisco PGW Softswitch
  • Multiple Vulnerabilities in Cisco Network Building Mediator


Multiple Vulnerabilities in Cisco PGW Softswitch

Multiple vulnerabilities exist in the Cisco PGW 2200 Softswitch series of products. Each vulnerability described in this advisory is independent from other. The vulnerabilities are related to processing Session Initiation Protocol (SIP) or Media Gateway Control Protocol (MGCP) messages. Successful exploitation of all but one of these vulnerabilities can crash the affected device. Exploitation of the remaining vulnerability will not crash the affected device, but it can lead to a denial-of-service (DoS) condition in which no new TCP-based connections will be accepted or created.

Vulnerable Products
The Cisco PGW 2200 Softswitch is affected by these vulnerabilities.

Details
SIP is a popular signaling protocol used to manage voice and video calls across IP networks such as the Internet. SIP is responsible for handling all aspects of call setup and termination. Voice and video are the most popular types of sessions that SIP handles, but the protocol is flexible to accommodate for other applications that require call setup and termination. SIP call signaling can use UDP (port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP port 5061) as the underlying transport protocol.

MGCP is the protocol for controlling telephony gateways from external call control elements known as media gateway controllers or call agents. A telephony gateway is a network element that provides conversion between the audio signals carried on telephone circuits and data packets carried over the Internet or other packet networks.

Multiple DoS vulnerabilities exist in the Cisco PGW 2200 Softswitch SIP implementation, and one vulnerability is in the MGCP implementation.

Impact
Successful exploitation of all but one vulnerability in this advisory can crash the affected device. The remaining vulnerability will not crash the affected device, but it can lead to a DoS condition in which no new TCP-based connections will be accepted or created.

Link: http://www.cisco.com/…/security_advisory09186a0080b2c519.shtml

 

Multiple Vulnerabilities in Cisco Network Building Mediator
Multiple vulnerabilities exist in the Cisco Network Building Mediator (NBM) products. These vulnerabilities also affect the legacy Richards-Zeta Mediator products. This security advisory outlines details of the following vulnerabilities:

  • Default credentials
  • Privilege escalation
  • Unauthorized information interception
  • Unauthorized information access

Vulnerable Products
Users can determine the version of the Mediator Framework running on a device by logging into the device. After a successful login, the device will display the version of Mediator Framework running on the device.

Details
The Cisco Network Building Mediator is a platform that transforms the way buildings are designed, operated, and experienced.
Cisco Network Building Mediator collects data from sources that include the building, IT, energy supply, and energy demand systems, which use different protocols that are otherwise unable to communicate with one another. The Cisco Network Building Mediator normalizes the data into a common data representation. This ability enables the Cisco Network Building Mediator to perform any-to-any protocol translation and to provide information to the end user in a uniform presentation.
This security advisory describes multiple distinct vulnerabilities in the legacy Richards-Zeta Mediator and the Cisco Network Building Mediator. These vulnerabilities are independent of each other.

Impact
Successful exploitation of any of these vulnerabilities could result in a malicious user taking complete control over an affected device.

Link: http://www.cisco.com/…/security_advisory09186a0080b2c518.shtml