Vulnerabilities leave Cisco voice products open to remote attack

By Edmund X. DeJesus, Contributor 22 Jan 2004 | SearchSecurity.com

Digg This!     StumbleUpon     Del.icio.us

Cisco is warning of vulnerabilities in several voice products that could allow a remote attacker to obtain unauthorized administrative control or cause a denial of service.

The default installation of Cisco's Director Agent on IBM servers leaves the Director's services in an insecure state. In particular, Director Agent listens on TCP or UDP port 14247 in such a way that a remote attacker can connect and gain administrative level control without authentication. This level of privilege allows an attacker to shut down, power off or restart the system; execute a command shell; initiate file transfers; stop or start processes, services or device drivers; modify the network configuration; and create Windows 2000 user accounts.

In addition, by scanning port 14247, an attacker can initiate a Director Agent process that will take up 100% of the CPU. This will cause a denial of service, unless the server is shut down.

The Director Agent is part of several Cisco voice products, including CallManager, IP Interactive Voice Response, IP Call Center Express, Personal Assistant, Emergency Responder and Conference Connection. The problem occurs on a variety of IBM-based servers running any version of the operating system before OS 2000.2.6.

Cisco is providing a repair script that will mitigate the vulnerabilities without needing a software upgrade. The repair script keeps the Director Agent from listening for remote connections on TCP or UDP ports 14247. If port 14247 is enabled, the Director Agent won't automatically accept connections. The script also disables certain access and control files not required for Director Server to function.

Tags: Network Protocols and Security,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Protocols and Security Expert calls SSL protocol vulnerability a non issue How to prevent phishing attacks with social engineering tests How SSL-encrypted Web connections are intercepted DNSSEC deployment challenges can be overcome Microsoft issues SMB vulnerability advisory, patch pending Microsoft repairs Windows media, TCP/IP vulnerabilities How to test IPv6 infrastructures DNSSEC deployments gain momentum since Kaminsky DNS bug Kaminsky interview: DNSSEC addresses cross-organizational trust and security How to create secure Windows FTP automation

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary 5 terms you need to know before you employ VoIP  (SearchSecurity.com) digest authentication  (SearchSecurity.com) IGP  (SearchSecurity.com) IP spoofing  (SearchSecurity.com) Secure Sockets Layer  (SearchSecurity.com) smurfing  (SearchSecurity.com) Transport Layer Security  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary