Article

Vulnerabilities leave Cisco voice products open to remote attack

Edmund X. DeJesus, Contributor

Cisco is warning of vulnerabilities in several voice products that could allow a remote attacker to obtain unauthorized administrative control or cause a denial of service.

The default installation of Cisco's Director Agent on IBM servers

    Requires Free Membership to View

leaves the Director's services in an insecure state. In particular, Director Agent listens on TCP or UDP port 14247 in such a way that a remote attacker can connect and gain administrative level control without authentication. This level of privilege allows an attacker to shut down, power off or restart the system; execute a command shell; initiate file transfers; stop or start processes, services or device drivers; modify the network configuration; and create Windows 2000 user accounts.

In addition, by scanning port 14247, an attacker can initiate a Director Agent process that will take up 100% of the CPU. This will cause a denial of service, unless the server is shut down.

The Director Agent is part of several Cisco voice products, including CallManager, IP Interactive Voice Response, IP Call Center Express, Personal Assistant, Emergency Responder and Conference Connection. The problem occurs on a variety of IBM-based servers running any version of the operating system before OS 2000.2.6.

Cisco is providing a repair script that will mitigate the vulnerabilities without needing a software upgrade. The repair script keeps the Director Agent from listening for remote connections on TCP or UDP ports 14247. If port 14247 is enabled, the Director Agent won't automatically accept connections. The script also disables certain access and control files not required for Director Server to function.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: