Cisco Unified Contact Center and IP Contact Center JTapi Gateway Denial of Service Vulnerability
Cisco-SA-20070110-CVE-2007-0198 · Medium · Published · Updated
Cisco Unified Contact Center and Cisco IP Contact Center versions 5.0, 6.0, 7.0, and 7.1 contain a vulnerability that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition. The vulnerability is due to insufficient handling of unexpected connections. An unauthenticated, remote attacker could exploit this vulnerability by connecting to an affected server, triggering a restart of the JTapi Gateway service. Until the service restarts successfully, users cannot start or receive any new calls. Existing calls are not affected. Cisco confirmed this vulnerability in a security advisory and released updated software. Systems most at risk are those systems running vulnerable software and accepting connections from untrusted networks. To exploit this vulnerability, an attacker must successfully connect to the TCP port that the JTapi Gateway server has been configured to listen on. The exact port number may be dependent on configuration and unknown to an attacker. The vulnerability may also be triggered inadvertently during network security audits by automated scanning tools. The vendors CVSS score indicates a complete availability impact; However, only the JTapi Gateway is affected by the vulnerability and current calls will continue to be processed. It is the opinion of the IntelliShield team that this only constitutes a partial availability impact. As a result of successful exploitation, an attacker can restart the JTapi Gateway service. While the service is unavailable, users cannot create new calls, but existing calls still function as normal. When the service restarts, automatically and without interventions, users can continue to create new calls as normal. While persistent efforts may continually render the service unavailable, a single attack only temporarily denies service to users. When a redundant server has been configured, all call processing functions will continue to operate. However, an attacker could exploit the same vulnerability on the redundant system to achieve the same impact.
Workarounds
Administrators are advised to apply the available software updates.
Administrators are advised to restrict network access to affected systems using IP-based ACLs.
Administrators are advised to restrict external network access to affected systems as part of a strong firewall policy.
| CVEs | CVE-2007-0198 |
|---|---|
| Cisco Bug IDs | NA |
| CVSS Score | Base 3.3 |
| Product Names From Source | Cisco Unified Contact Center, Cisco Unified Contact Center Enterprise |
Related Products
| Product | CVE | Evidence |
|---|