Cisco CallManager (CCM) is the software-based call-processing component of the Cisco IP telephony solution which extends enterprise telephony features and functions to packet telephony network devices such as IP phones, media processing devices, voice-over-IP (VoIP) gateways, and multimedia applications. All Cisco CallManager versions are vulnerable to these Denial of Service (DoS) attacks, which may result in services being interrupted or servers rebooting. Cisco has made free software available to address this vulnerability for affected customers. There are network-based workarounds available to mitigate the effects of the vulnerability. This advisory is posted at http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20060118-ccmdos.
No other Cisco products are currently known to be affected by these vulnerabilities.
Vulnerable versions of Cisco CallManager do not manage TCP connections and Windows messages aggressively, leaving some well-known, published ports vulnerable to Denial of Service attacks.
While there are no workarounds available on the Cisco CallManager to eliminate DoS attacks, securing the voice network with Cisco CallManager security best practices may lessen the risk or mitigate the effects of these vulnerabilities. By using access lists and rate limiting to control access to the Cisco CallManager, the risk of successful attack is greatly reduced. Cisco provides Solution Reference Network Design (SRND) guides to help design and deploy networking solutions, which can be found at http://www.cisco.com/warp/public/779/largeent/it/ese/srnd.html.
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center ("TAC") or your contracted maintenance provider for assistance.
Each row of the Cisco CallManager software table (below) describes a release train which will address all of the vulnerabilities mentioned in this advisory. If a given release train is vulnerable, then the earliest possible releases that contain the fixes (the "First Fixed Release") and the anticipated date of availability for each are listed in the "Engineering Special," "Service Release," and "Maintenance Release" columns. A device running a Cisco CallManager release in the given train that is earlier than the release in a specific column (less than the First Fixed Release listed in the Engineering Special or Special Release column) is known to be vulnerable to one or more issues. The Cisco CallManager should be upgraded at least to the indicated release or a later version (greater than or equal to the First Fixed Release label).
| Version | Engineering Special | Service Release | Maintenance Release |
|---|---|---|---|
| 3.2 and earlier | migrate to 3.3 or later | | |
| 3.3 | 3.3(5)ES24 | no release planned | |
| 4.0 | 4.0(2a)ES56 | no release planned | |
| 4.1 | 4.1(2)ES50, 4.1(3)ES24 | no release planned | |
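The comparison rule described above the table can be applied to an inventory of CallManager servers. The following is an added example, not part of the Cisco advisory: the First Fixed Releases are copied from the table, while the hostnames, the inventory and the ordering assumptions noted in the comments (a release without an ES suffix predates every Engineering Special on the same maintenance base) are constructed for illustration.

```python
import re

# First Fixed Releases copied from the advisory's software table.
FIRST_FIXED = {
    "3.3": ["3.3(5)ES24"],
    "4.0": ["4.0(2a)ES56"],
    "4.1": ["4.1(2)ES50", "4.1(3)ES24"],
}

_VERSION = re.compile(r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)(?:ES(\d+))?$")

def parse(version):
    """Split '4.1(2)ES50' into train (4, 1), base (2, '') and ES number 50."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised CallManager version: {version!r}")
    major, minor, maint, letter, es = m.groups()
    # A release with no ES suffix is treated as ES 0 (assumption: it predates
    # every Engineering Special built on the same maintenance base).
    return (int(major), int(minor)), (int(maint), letter), int(es or 0)

def assess(version):
    """Return 'migrate', 'vulnerable', 'fixed' or 'unlisted' for one release."""
    train, base, es = parse(version)
    if train < (3, 3):
        return "migrate"            # table row: "3.2 and earlier"
    fixed = FIRST_FIXED.get(f"{train[0]}.{train[1]}")
    if fixed is None:
        return "unlisted"           # train does not appear in the table
    fixed_by_base = {parse(f)[1]: parse(f)[2] for f in fixed}
    if base in fixed_by_base:
        return "fixed" if es >= fixed_by_base[base] else "vulnerable"
    if base < min(fixed_by_base):
        return "vulnerable"         # older than every listed fixed base
    return "unlisted"               # the table cannot decide this base

# Constructed inventory for illustration (hostnames are hypothetical).
INVENTORY = {"ccm-pub": "4.1(3)ES24", "ccm-sub1": "4.1(2)ES41",
             "ccm-lab": "3.2(2c)", "ccm-old": "3.3(5)", "ccm-br": "4.0(2a)ES60"}

def report(inventory):
    return {host: assess(ver) for host, ver in inventory.items()}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {INVENTORY[host]:12} {status}")
```

A result of `unlisted` means the table gives no First Fixed Release for that train or maintenance base, so the release should be checked against later advisories rather than assumed fixed.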
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability described in this advisory.
This vulnerability was reported to Cisco by a customer.
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Revision 1.0 | 2006-January-18 | Initial Public Release.
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.