Security Advisory: Multiple Cisco Unified CallManager Vulnerabilities
Cisco Unified CallManager (CUCM) 5.0 has Command Line Interface (CLI) and Session Initiation Protocol (SIP) related vulnerabilities. There are potential privilege escalation vulnerabilities in the CLI which may allow an authenticated administrator to access the base operating system with root privileges. There is also a buffer overflow vulnerability in the processing of hostnames contained in a SIP request which may result in arbitrary code execution or cause a denial of service. These vulnerabilities only affect Cisco Unified CallManager 5.0.More here.
The CallManager CLI provides a backup management interface to the system in order to diagnose and troubleshoot the primary HTTPS-based management interfaces. The CLI, which runs as the root user, contains two vulnerabilities in the parsing of commands. The first vulnerability may allow an authenticated CUCM administrator to execute arbitrary operating system programs as the root user. The second vulnerability may allow output redirection of a command to a file or a folder specified on the command line.
Cisco Unified CallManager supports the coexistence of both SCCP and SIP phones, allowing for migration to SIP while protecting investments in existing devices. CUCM contains a buffer overflow vulnerability in the processing of excessively long hostnames which may be included in a SIP request.
Successful exploitation of the CLI vulnerability documented in Cisco bug ID CSCse11005 may allow authenticated CLI users to execute arbitrary operating system commands with root privileges. Exploitation of the CLI vulnerability documented in Cisco bug ID CSCse31704 may allow an authenticated CLI user to modify or overwrite any file on the filesystem as the root user.
Exploitation of the SIP vulnerability documented in Cisco bug ID CSCsd96542 may result in arbitrary code execution or a denial of service.
posted by Fergie @ 7/12/2006 09:54:00 AM
0 Comments:
Post a Comment
<< Home