Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
BID:9469
Info
Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
| Bugtraq ID: | 9469 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: |
CVE-2004-1759 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 21 2004 12:00AM |
| Updated: | Mar 19 2015 08:23AM |
| Credit: | This issue was announced by Cisco. |
| Vulnerable: |
IBM X345 IBM X342 IBM X340 IBM X330 8674 IBM X330 8654 IBM MCS-7835I-3.0 IBM MCS-7815I-2.0 IBM MCS-7815-1000 IBM Director Agent 3.11 IBM Director Agent 3.1 IBM Director Agent 2.2 Cisco Personal Assistant 1.4 (2) Cisco Personal Assistant 1.4 (1) Cisco Personal Assistant 1.3 (4) Cisco Personal Assistant 1.3 (3) Cisco Personal Assistant 1.3 (2) Cisco Personal Assistant 1.3 (1) Cisco IP Interactive Voice Response (IP IVR) 3.0 Cisco IP Call Center Express (IPCC Express) Standard 3.0 Cisco IP Call Center Express (IPCC Express) Enhanced 3.0 Cisco Internet Service Node Cisco Emergency Responder 1.1 Cisco Conference Connection 1.2 Cisco Conference Connection 1.1 (1) Cisco Call Manager 4.0 Cisco Call Manager 3.3 (3) Cisco Call Manager 3.3 Cisco Call Manager 3.2 Cisco Call Manager 3.1 (3a) Cisco Call Manager 3.1 (2) Cisco Call Manager 3.1 Cisco Call Manager 3.0 Cisco Call Manager 2.0 Cisco Call Manager 1.0 |
| Not Vulnerable: | |
Discussion
Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
IBM Director installed with Cisco voice products on IBM servers has been reported prone to a remote denial of service vulnerability. The issue is reported to present itself when a port that is associated with the affected software is scanned with a port scanner. This will cause the target Cisco voice server to become inoperative until the affected server is rebooted.
IBM Director installed with Cisco voice products on IBM servers has been reported prone to a remote denial of service vulnerability. The issue is reported to present itself when a port that is associated with the affected software is scanned with a port scanner. This will cause the target Cisco voice server to become inoperative until the affected server is rebooted.
Exploit / POC
Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
This vulnerability can be exploited using a security port scanner tool. This issue is known to be reproducible for IBM Director Agent using the THC Amap utility to portscan TCP port 14247.
This vulnerability can be exploited using a security port scanner tool. This issue is known to be reproducible for IBM Director Agent using the THC Amap utility to portscan TCP port 14247.
Solution / Fix
Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
Solution:
Cisco has released an repair script to address this issue by disabling access to the exposed ports. The script is available at the following location:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
Further details are also provided in the attached Cisco advisory.
Solution:
Cisco has released an repair script to address this issue by disabling access to the exposed ports. The script is available at the following location:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des
Further details are also provided in the attached Cisco advisory.
References
Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
References:
References: