>> Cisco IOS and UCM Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities have been identified in Cisco IOS and Cisco Unified Communications Manager, which could be exploited by attackers to cause a denial of service or take complete control of an affected system.
The first issue is caused by errors when processing malformed SIP (Session Initiation Protocol) packets, which could be exploited to cause a vulnerable device to crash or execute arbitrary code.
The second vulnerability is caused by errors when processing malformed MGCP (Media Gateway Control Protocol) packets, which could be exploited by attackers to cause a vulnerable device to crash or become unresponsive.
The third issue is caused by an error when processing a malformed H.323 packet, which could be exploited to crash a vulnerable device, creating a denial of service condition.
The fourth vulnerability is caused by an error when processing a malformed RTP (Real-time Transport Protocol) packet, which could be exploited to crash a vulnerable device.
The fifth issue is caused by an error when processing an overly large packet, which could be exploited to cause a vulnerable device to crash, creating a denial of service condition.
Affected Products
Cisco IOS 12.x
Cisco Unified Communications Manager 5.x
Cisco Unified Communications Manager 6.x
Solution
Upgrade to the latest releases:
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml#software
References
http://www.vupen.com/english/advisories/2007/2816
http://www.cisco.com/warp/public/707/cisco-sa-20070808-IOS-voice.shtml
Credits
Vulnerabilities reported by the vendor.
ChangeLog
2007-08-08 : Initial release