Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability

Summary

• Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.
  
  Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
  
  This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187

Affected Products

• 
  

  Vulnerable Products

  The Cisco ATA 187 Analog Telephone Adaptor is affected by this vulnerability when it is running firmware version 9.2.1.0 or 9.2.3.1.
  
  To check the firmware version on the Cisco ATA 187 Analog Telephone Adaptor, an administrator can view the SW_Version ID field on the device web interface.

  Products Confirmed Not Vulnerable

  The following Cisco products are confirmed not vulnerable:
  

  • Cisco ATA 186 Analog Telephone Adaptor
  • Cisco ATA 188 Analog Telephone Adaptor

  No other Cisco products are currently known to be affected by this vulnerability.

Details

• Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.
  
  The vulnerability is due to improper validation of authentication on TCP port 7870 and improper authorization of commands within the operating system. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands.
  This vulnerability has been documented in Cisco Bug ID CSCtz67038 (registered customers only) and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2013-1111.
  

Workarounds

• It is possible to terminate the listening Telnet process on the device by accessing the device remotely, listing the processes, and then terminating the Telnet process. This prevents further remote access to the device until the device is reloaded.
  
  Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Identifying and Mitigating Exploitation of the Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability," which is available at the following
  link: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=27921
  
  

Fixed Software

• This vulnerability is addressed in the Cisco ATA 187 Analog Telephone Adaptor firmware version 9.2.3.1 ES build 4 or later.
  
  When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

  In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
  
  Currently there are no plans to publish any further releases of Cisco ATA 187 Analog Telephone Adaptor firmware to Cisco Software download section on Cisco.com.
  
  Customers who require a fixed release, should contact their support organizations as described in the "Obtaining Fixed Software" section of this advisory.

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

  This vulnerability was discovered when handling customer support requests.

URL

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187

Revision History

• Revision 1.0

  2013-February-06

  Initial public release

  Show Less