Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Multiple Vulnerabilities in Cisco Unified Customer Voice Portal Software

Related Vulnerabilities: CVE-2013-1220   CVE-2013-1221   CVE-2013-1222   CVE-2013-1223   CVE-2013-1224   CVE-2013-1225  

Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

Source

Summary

  • Cisco Unified Customer Voice Portal Software (Unified CVP) contains multiple vulnerabilities. Various components of Cisco Unified CVP are affected; see the "Details" section for more information on the vulnerabilities. These vulnerabilities can be exploited independently; however, more than one vulnerability could be exploited on the same device.

    Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate some of these vulnerabilities are available. This advisory is available at the following link:
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130508-cvp

Affected Products

  • Vulnerable Products

    Cisco Unified CVP Software versions prior to 9.0.1 ES 11 are vulnerable.

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by these vulnerabilities.

Details

  • Cisco Unified CVP is an interactive voice response (IVR) system that enables customers to retrieve information they need from the contact center.

    Cisco Unified Customer Voice Portal Software SIP INVITE Packet Vulnerability
    A malformed SIP INVITE vulnerability exists in the CallServer component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to cause the system to not accept new calls.
    The vulnerability is due to improper processing of malformed SIP INVITE packets. An attacker could exploit this vulnerability by sending malformed SIP INVITE packets to a Cisco Unified CVP server.
    This vulnerability is documented in Cisco Bug ID CSCua65148 (registered customers only) and has been assigned CVE ID CVE-2013-1220.

    Cisco Unified Customer Voice Portal Software Tomcat Web Application Vulnerability
    A Tomcat web application vulnerability in the Tomcat Web Management component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to escalate privileges and gain administrator access.
    The vulnerability is due to improper configuration of Tomcat components.
    This vulnerability is documented in Cisco Bug ID CSCub38384 (registered customers only) and has been assigned CVE ID CVE-2013-1221.

    Cisco Unified Customer Voice Portal Software Tomcat Configuration Vulnerability
    A Tomcat web application vulnerability in the Tomcat Web Management component of the Cisco Unified CVP could allow an unauthenticated, remote attacker to execute unauthorized user-supplied web applications.
    The vulnerability is due to improper configuration of Tomcat components.
    This vulnerability is documented in Cisco Bug ID CSCub38379 (registered customers only) and has been assigned CVE ID CVE-2013-1222.

    Cisco Unified Customer Voice Portal Software File Access Vulnerability
    A file access vulnerability in the log viewer of the Cisco Unified CVP could allow an unauthenticated, remote attacker to view arbitrary system files.
    The vulnerability is due to an incorrect parameter check. An attacker could exploit this vulnerability by sending a crafted request to the log viewer.
    This vulnerability is documented in Cisco Bug ID CSCub38372 (registered customers only) and has been assigned CVE ID CVE-2013-1223.

    Cisco Unified Customer Voice Portal Software Path Traversal Vulnerability
    A path traversal vulnerability in the Resource Manager component of the Cisco Unified CVP that could allow an unauthenticated, remote attacker to overwrite system files.
    The vulnerability is due to an incorrect parameter check. An attacker could exploit this vulnerability by sending a crafted request to the Resource Manager.
    This vulnerability is documented in Cisco Bug ID CSCub38369 (registered customers only) and has been assigned CVE ID CVE-2013-1224.

    Cisco Unified Customer Voice Portal Software XML Entity Expansion Vulnerability
    A file access vulnerability in the Cisco Unified CVP that could allow an unauthenticated, remote attacker to view arbitrary system files.
    The vulnerability is due to a missing check for XML entity expansion. An attacker could exploit this vulnerability by sending a crafted request to the Resource Manager.
    This vulnerability is documented in Cisco Bug ID CSCub38366 (registered customers only) and has been assigned CVE ID CVE-2013-1225.

Workarounds

  • A workaround is available for the Cisco Unified Customer Voice Portal Software XML Entity Expansion Vulnerability documented in Cisco Bug ID CSCub38366 (registered customers only).

    To implement the workaround for the Cisco Unified Customer Voice Portal Software XML Entity Expansion Vulnerability, the communication between the Cisco Unified CVP devices must be secured using SSL. For more information on how to secure the communications between Cisco Unified CVP devices, refer to the "Unified CVP security" section of the Configuration and Administration Guide for Cisco Unified Customer Voice Portal at the following location:

    http://www.cisco.com/c/dam/en/us/td/docs/voice_ip_comm/cust_contact/contact_center/customer_voice_portal/cvp9_0/configuration/guide/cvp-configuration-and-administration-guide.pdf

    A workaround is available for the Cisco Unified Customer Voice Portal Software Tomcat Web Application Vulnerability documented in Cisco Bug ID CSCub38384 (registered customers only).

    To implement the workaround for the Cisco Unified Customer Voice Portal Software Tomcat Web Application Vulnerability, the Manager and Host-Manager web applications must be removed manually from the Tomcat instances on CVP servers. Follow the instructions to remove the Manager and Host-Manager web applications:

    Stop the services of respective server:
    The “manager” and “host-manager” web applications need to be manually removed from Tomcat instances of your CVP servers.
    CVP VXML Server
    Go to the C:\Cisco\CVP\VXMLServer\Tomcat\server\webapps folder. Delete the Manager and Host-Manager folders.

    CVP Call Server
    Go to the C:\Cisco\CVP\CallServer\Tomcat\server\webapps folder. Delete the Manager and Host-Manager folders.

    CVP Operation Console Server
    Go to the C:\Cisco\CVP\OPSConsoleServer\Tomcat\server\webapps folder. Delete the Manager and Host-Manager folders.

    CVP Reporting Server
    Go to the C:\Cisco\CVP\CallServer\Tomcat\server\webapps folder. Delete the Manager and Host-Manager folders.
    A workaround is available for the CVP: Insecure Tomcat Configuration Instance documented in Cisco Bug ID CSCub38379 (registered customers only).

    To implement the workaround for the CVP: Insecure Tomcat Configuration Instance, follow these steps:

    Stop the service of VXML Server:

    Go to the C:\Cisco\CVP\VXMLServer\Tomcat\conf folder and edit server.xml file.

    Modify autoDeploy to false. Earlier it was true.


    Start the Service VXML server.
    None of the other vulnerabilities published in this document have workarounds.

    Additional workaround details are available in the companion Applied Mitigation Bulletin (AMB) at the following location:

    http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=28982

Fixed Software

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

    These vulnerabilities were reported to Cisco by Alex Senkevitch.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Action Links for This Advisory

Related to This Advisory

URL

Revision History

  • Version Description Section Status Date
    1.4 Updated the link to the Configuration and Administration Guide for Cisco Unified CVP. Workarounds Final 2016-January-05
    1.3 Updated the Workarounds section. Final 2013-August-28
    1.2 Added location of patches for 8.x releases. 2013-July-30
    1.1 Updated the Workarounds and Software Versions and Fixes sections. 2013-May-10
    1.0 Initial public release. 2013-May-08
    Show Complete History...

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started