Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability

Cisco-SA-20070328-CVE-2007-1834 · Medium · Published · Updated

Cisco Unified CallManager and Unified Presence Server contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability exists due to improper handling of excessive amounts of ICMP echo requests.  An attacker could exploit this vulnerability by sending a large number of ICMP echo requests to a CallManager or Presence Server system.  These requests may cause various services to crash, resulting in a DoS condition and affecting voice services. Cisco confirmed this vulnerability in a security advisory and released updates. Cisco Unified CallManager is the call-processing component of the Cisco IP telephony solution, and the Unified Presence Server is the identity-tracking component of the telephony solution.  The vulnerability resides in the way these components handle ICMP echo requests.  By sending a large amount of ICMP echo requests to an affected system, attackers can exploit this vulnerability to crash a system, causing a disruption of voice services.  This vulnerability can also be exploited by spoofed attacks. Exploit code is not needed to conduct an attack of this type, which is mainly a brute-force attack.  There are many network utility software packages that can aid in the attempted attack, flooding the network and the specific device with ping requests.  These utilities can be commercial or open source, making access to them available to anyone who downloads them.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators may consider blocking ICMP echo requests; however, this will affect network management applications and troubleshooting procedures.

Administrators are advised to put IP telephony systems on an insulated network and to physically secure this network.

The Cisco Applied Intelligence team has created the following companion document to guide administrators in identifying and mitigating attempts to exploit this vulnerability prior to applying updated software: Identifying and Mitigating Exploitation of Multiple Cisco Unified CallManager and Presence Server Vulnerabilities["http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20070328-voip"]

CVEsCVE-2007-1834
Cisco Bug IDsNA
CVSS ScoreBase 3.3
Product Names From Source
Cisco Unified Presence Server, Cisco Unified Communications Manager

Related Products

Product CVE Evidence
Cisco Unified Presence Server CVE-2007-1834 Cisco OpenVuln
Cisco Unified Communications Manager CVE-2007-1834 Cisco OpenVuln
Cisco Unified CallManager CVE-2007-1834 Cisco OpenVuln