port 5060
video calls across IP networks such as the Internet. SIP is
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol has the flexibility to accommodate other
applications that require call setup and termination. SIP call
signaling can use UDP (port 5060), TCP (port 5060), or TLS (TCP port
5061) as the underlying transport protocol.
Three vulnerabilities exist in the SIP implementation in Cisco IOS
Software that may allow a remote attacker to cause a device reload,
or execute arbitrary code. These vulnerabilities are triggered when
The Cisco Unified Border Element (previously known as the Cisco
Multiservice IP-to-IP Gateway) is a special Cisco IOS Software image
that runs on Cisco multiservice gateway platforms. It provides a
open-ports commands can be used to determine this, although not all
of these commands work on all IOS releases. Since it is not practical
in this document to provide a list of commands corresponding to the
various releases, users should try the aforementioned commands to
determine which ones work for their device. The following is one
example of one command that shows a router listening on port 5060
(the SIP port):
router#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
Unified Communications Manager Administration interface. The software
version can also be determined by running the "show version active"
command via the command-line interface.
A SIP trunk must be configured for the Cisco Unified CallManager
server to begin listening for SIP messages on TCP and UDP port 5060
and TCP/5061. However, in Cisco Unified Communications Manager
versions 5.x and later, the use of SIP as a call signaling protocol
is enabled by default and cannot be disabled.
Cisco IOS Software is also affected by this vulnerability, but it is
video calls across IP networks such as the Internet. SIP is
responsible for handling all aspects of call setup and termination.
Voice and video are the most popular types of sessions that SIP
handles, but the protocol is flexible enough to accommodate other
applications that require call setup and termination. SIP call
signaling can use UDP (port 5060), TCP (port 5060), or TLS (TCP port
5061) as the underlying transport protocol.
Two DoS vulnerabilities exist in the SIP implementation of the Cisco
Unified Communications Manager. These vulnerabilities can be
triggered while processing specific and valid SIP messages and can
calls across IP networks such as the Internet. SIP is responsible for
handling all aspects of call setup and termination. Voice and video
are the most popular types of sessions that SIP handles, but the
protocol is flexible enough to accommodate other applications that
require call setup and termination. SIP call signaling can use UDP
(port 5060), TCP (port 5060), or Transport Layer Security (TLS; TCP
port 5061) as the underlying transport protocol.
MGCP is the protocol for controlling telephony gateways from external
call control elements known as media gateway controllers or call
agents. A telephony gateway is a network element that provides
Resource Reservation Protocol (RSVP) - port 1698
Layer Two Forwarding (L2F)/Layer Two Tunnel Protocol (L2TP) -
port 1701
IP SLA Responder - port 1967
Media Gateway Control Protocol (MGCP) - port 2427
Session Initiation Protocol (SIP) - port 5060
No other IPv4 UDP-based services are known to be affected.
How To Verify If IPv6 Is Enabled
+-------------------------------
This vulnerability affects a limited number of Cisco IOS Software
releases. Consult the "Software Versions and Fixes" section of this
advisory for the details of affected releases.
Only devices that are configured with Cisco IOS Zone-Based Policy
Firewall SIP inspection (UDP port 5060, TCP ports 5060, and 5061) are
vulnerable. Cisco IOS devices that are configured with legacy Cisco
IOS Firewall Support for SIP (context-based access control (CBAC))
are not vulnerable.
Vulnerable Products
============
"The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge."
(from the vendor's homepage)
************
The OmniPCX Enterprise is an integrated communications solution for
medium-sized businesses and large corporations. It combines the best of
the old (legacy TDM phone connectivity) with the new (a native IP
platform and support for Session Initiation Protocol, or SIP) to provide
an effective and complete communications solution for cost-conscious
companies on the cutting edge.
(from the vendor's homepage)
TLS Proxy for Encrypted Voice Inspection
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
This feature allows the security appliance to decrypt, inspect and
modify (as needed, for example, performing NAT fixup), and re-encrypt
voice signaling traffic while all of the existing VoIP inspection
functions for Skinny and Session Initiation Protocol (SIP) protocols are
preserved. Once voice signaling is decrypted, the plain-text signaling
message is passed to the existing inspection engines. The security
appliance accomplishes this by acting as a TLS proxy between the IP
phone and Cisco Unified CallManager, which implies that TLS sessions are
terminating on the security appliance.
vulnerabilities were discovered internally by Cisco. The following
Cisco Unified Communications Manager services are affected:
* Certificate Trust List (CTL) Provider
* Certificate Authority Proxy Function (CAPF)
* Session Initiation Protocol (SIP)
* Simple Network Management Protocol (SNMP) Trap
Cisco has released free software updates that address these
vulnerabilities. Workarounds that mitigate some of these
vulnerabilities are available.
_______________________________________________________________________
Problem Description:
A flaw in opal, the Open Phone Abstraction Library, was found in
how it handles certain Session Initiation Protocol (SIP) packets.
An attacker could use this vulnerability to crash an application
linked to opal, such as Ekiga.
Updated packages have been patched to prevent these issues.
_______________________________________________________________________
vulnerabilities.
It is possible to mitigate these vulnerabilities with access control
lists (ACL). Filters that deny ICMP Echo Request, TCP port 22 (SSH),
TCP port 23 (Telnet), TCP port 80 (HTTP), TCP/UDP port 53 (DNS) and
TCP/UDP port 5060 (SIP) should be deployed at voice/data network
boundaries as part of a tACL policy for protection of traffic which
enters the network at ingress access points. This policy should be
configured to protect the network device and other devices behind it
where the filter is applied.
The TLS proxy for encrypted voice inspection feature allows the
security appliance to decrypt, inspect and modify (as needed, for
example, performing NAT fixup), and re-encrypt voice signaling
traffic while all of the existing VoIP inspection functions for SCCP
and Session Initiation Protocol (SIP) protocols are preserved. Once
voice signaling is decrypted, the plain-text signaling message is
passed to the existing inspection engines. The security appliance
accomplishes this by acting as a TLS proxy between the IP phone and
Cisco Unified CallManager and Cisco Unified Communications Manager,
which implies that TLS sessions are terminating on the security
Cisco ASA 5500 Series Adaptive Security Appliances are affected by the
following vulnerabilities:
* TCP Connection Exhaustion Denial of Service Vulnerability
* Session Initiation Protocol (SIP) Inspection Denial of Service
Vulnerabilities
* Skinny Client Control Protocol (SCCP) Inspection Denial of
Service Vulnerability
* WebVPN Datagram Transport Layer Security (DTLS) Denial of Service
Vulnerability
configured. To determine if a SIP trunk is configured on a Cisco
Unified Communications Manager version 4.x system, navigate to
Device > Trunk and choose the option SIP Trunk in the Cisco Unified
Communications Manager administration interface. To mitigate against
this vulnerability, administrators are advised to restrict access to
TCP and UDP port 5060 on vulnerable Cisco Unified Communications
Manager 4.x systems that are configured to use SIP trunks with
screening devices to valid SIP trunk end points.
The second SIP DoS vulnerability is documented in Cisco Bug ID
CSCsz40392 and has been assigned the CVE identifier CVE-2009-2051.
=======
Cisco Unified Communications Manager (formerly Cisco CallManager)
contains multiple denial of service (DoS) vulnerabilities that, if
exploited, could cause an interruption of voice services. The Session
Initiation Protocol (SIP), Skinny Client Control Protocol (SCCP) and
Computer Telephony Integration (CTI) Manager services are affected by
these vulnerabilities.
To address these vulnerabilities, Cisco has released free software
updates for select Cisco Unified Communications Manager versions.
http://www.cisco.com/warp/public/707/cisco-sa-20090325-mobileip.shtml
* Cisco IOS Software Secure Copy Privilege Escalation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20090325-scp.shtml
* Cisco IOS Software Session Initiation Protocol Denial of Service
Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20090325-sip.shtml
* Cisco IOS Software Multiple Features Crafted TCP Sequence
Vulnerability