Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
BID:25239
Info
Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
| Bugtraq ID: | 25239 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2007-4292 CVE-2007-4293 CVE-2007-4294 CVE-2007-4295 CVE-2007-4291 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 08 2007 12:00AM |
| Updated: | Jul 05 2016 10:00PM |
| Credit: | The vendor disclosed these vulnerabilities. |
| Vulnerable: |
Cisco Unified Communications Manager 6.0(1) Cisco Unified Communications Manager 5.1(2a) Cisco Unified Communications Manager 5.1(2) Cisco Unified Communications Manager 5.1(1) Cisco Unified CallManager 6.0 Cisco IOS 12.4XW Cisco IOS 12.4XV Cisco IOS 12.4XT Cisco IOS 12.4XJ Cisco IOS 12.4XE Cisco IOS 12.4XD Cisco IOS 12.4XC Cisco IOS 12.4XB Cisco IOS 12.4XA Cisco IOS 12.4T Cisco IOS 12.4MR Cisco IOS 12.4 Cisco IOS 12.3YZ Cisco IOS 12.3YX Cisco IOS 12.3YU Cisco IOS 12.3YT Cisco IOS 12.3YS Cisco IOS 12.3YQ Cisco IOS 12.3YM Cisco IOS 12.3YK Cisco IOS 12.3YI Cisco IOS 12.3YH Cisco IOS 12.3YG Cisco IOS 12.3YF Cisco IOS 12.3YD Cisco IOS 12.3YA Cisco IOS 12.3XY Cisco IOS 12.3XW Cisco IOS 12.3XU Cisco IOS 12.3XS Cisco IOS 12.3XR Cisco IOS 12.3XQ Cisco IOS 12.3XK Cisco IOS 12.3XJ Cisco IOS 12.3XI Cisco IOS 12.3XH Cisco IOS 12.3XG Cisco IOS 12.3XF Cisco IOS 12.3XE Cisco IOS 12.3XD Cisco IOS 12.3XC Cisco IOS 12.3XB Cisco IOS 12.3XA Cisco IOS 12.3TPC Cisco IOS 12.3T Cisco IOS 12.3B Cisco IOS 12.3 Cisco IOS 12.2ZY Cisco IOS 12.2ZU Cisco IOS 12.2ZR Cisco IOS 12.2ZP Cisco IOS 12.2ZL Cisco IOS 12.2ZJ Cisco IOS 12.2ZH Cisco IOS 12.2ZG Cisco IOS 12.2ZF Cisco IOS 12.2ZE Cisco IOS 12.2ZD Cisco IOS 12.2ZC Cisco IOS 12.2ZB Cisco IOS 12.2YZ Cisco IOS 12.2YY Cisco IOS 12.2YX Cisco IOS 12.2YW Cisco IOS 12.2YV Cisco IOS 12.2YU Cisco IOS 12.2YT Cisco IOS 12.2YS Cisco IOS 12.2YR Cisco IOS 12.2YQ Cisco IOS 12.2YP Cisco IOS 12.2YN Cisco IOS 12.2YM Cisco IOS 12.2YL Cisco IOS 12.2YK Cisco IOS 12.2YJ Cisco IOS 12.2YH Cisco IOS 12.2YG Cisco IOS 12.2YF Cisco IOS 12.2YE Cisco IOS 12.2YD Cisco IOS 12.2YC Cisco IOS 12.2YB Cisco IOS 12.2YA Cisco IOS 12.2XW Cisco IOS 12.2XV Cisco IOS 12.2XU Cisco IOS 12.2XT Cisco IOS 12.2XS Cisco IOS 12.2XQ Cisco IOS 12.2XN Cisco IOS 12.2XM Cisco IOS 12.2XL Cisco IOS 12.2XK Cisco IOS 12.2XJ Cisco IOS 12.2XI Cisco IOS 12.2XH Cisco IOS 12.2XG Cisco IOS 12.2XE Cisco IOS 12.2XD Cisco IOS 12.2XC Cisco IOS 12.2XB Cisco IOS 12.2XA Cisco IOS 12.2VZ Cisco IOS 12.2TPC Cisco IOS 12.2T Cisco IOS 12.2SZ Cisco IOS 12.2SXF Cisco IOS 12.2SXE Cisco IOS 12.2SXD Cisco IOS 12.2SXB Cisco IOS 12.2SXA Cisco IOS 12.2SW Cisco IOS 12.2SV Cisco IOS 12.2SU Cisco IOS 12.2SRB Cisco IOS 12.2SRA Cisco IOS 12.2SBC Cisco IOS 12.2SB Cisco IOS 12.2S Cisco IOS 12.2MC Cisco IOS 12.2IXC Cisco IOS 12.2IXB Cisco IOS 12.2IXA Cisco IOS 12.2DX Cisco IOS 12.2DD Cisco IOS 12.2CZ Cisco IOS 12.2BY Cisco IOS 12.2BW Cisco IOS 12.2B Cisco IOS 12.2 ZX Cisco IOS 12.2 ZW Cisco IOS 12.2 Cisco IOS 12.1YI Cisco IOS 12.1YH Cisco IOS 12.1YF Cisco IOS 12.1YE Cisco IOS 12.1YD Cisco IOS 12.1YC Cisco IOS 12.1YB Cisco IOS 12.1YA Cisco IOS 12.1XZ Cisco IOS 12.1XY Cisco IOS 12.1XW Cisco IOS 12.1XV Cisco IOS 12.1XU Cisco IOS 12.1XT Cisco IOS 12.1XS Cisco IOS 12.1XR Cisco IOS 12.1XQ Cisco IOS 12.1XP Cisco IOS 12.1XM Cisco IOS 12.1XL Cisco IOS 12.1XK Cisco IOS 12.1XJ Cisco IOS 12.1XI Cisco IOS 12.1XH Cisco IOS 12.1XG Cisco IOS 12.1XF Cisco IOS 12.1XE Cisco IOS 12.1XD Cisco IOS 12.1XC Cisco IOS 12.1XB Cisco IOS 12.1XA Cisco IOS 12.1T Cisco IOS 12.1GB Cisco IOS 12.1GA Cisco IOS 12.1EZ Cisco IOS 12.1EY Cisco IOS 12.1EX Cisco IOS 12.1EC Cisco IOS 12.1EA Cisco IOS 12.1E Cisco IOS 12.1AA Cisco IOS 12.1 Cisco IOS 12.0XV Cisco IOS 12.0XR Cisco IOS 12.0XQ Cisco IOS 12.0XN Cisco IOS 12.0XM Cisco IOS 12.0XL Cisco IOS 12.0XK Cisco IOS 12.0XI Cisco IOS 12.0XH Cisco IOS 12.0XG Cisco IOS 12.0XF Cisco IOS 12.0XE Cisco IOS 12.0XD Cisco IOS 12.0XC Cisco IOS 12.0XA Cisco IOS 12.0WC Cisco IOS 12.0T Cisco IOS 12.0 |
| Not Vulnerable: |
Cisco Unified Communications Manager 6.0 (1a) Cisco Unified Communications Manager 5.1(2b) |
Discussion
Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities.
These issues pertain to the following protocols or features:
Session Initiation Protocol (SIP)
Media Gateway Control Protocol (MGCP)
Signaling protocols H.323, H.254
Real-time Transport Protocol (RTP)
Facsimile reception
A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.
Cisco IOS and Unified Communications Manager are prone to multiple denial-of-service and code-execution vulnerabilities.
These issues pertain to the following protocols or features:
Session Initiation Protocol (SIP)
Media Gateway Control Protocol (MGCP)
Signaling protocols H.323, H.254
Real-time Transport Protocol (RTP)
Facsimile reception
A remote attacker can exploit these issues to execute arbitrary code or cause denial-of-service conditions.
Exploit / POC
Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
Currently we are not aware of any exploits for the arbitrary-code-execution issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
An attacker can exploit the denial-of-service issues by sending a malformed packet to the vulnerable device.
Currently we are not aware of any exploits for the arbitrary-code-execution issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
An attacker can exploit the denial-of-service issues by sending a malformed packet to the vulnerable device.
Solution / Fix
Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
Solution:
The vendor has released an advisory to address these issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
Solution:
The vendor has released an advisory to address these issues. Please see the referenced advisory for details on obtaining and applying the appropriate updates.
References
Cisco IOS and Unified Communications Manager Multiple Voice Vulnerabilities
References:
References:
- Cisco IOS Homepage (Cisco Systems)
- Cisco Security Advisory: Voice Vulnerabilities in Cisco IOS and Cisco Unified Co (Cisco)