Cisco Mitigates DoS Holes

Monday, April 6, 2015 @ 07:04 PM gHale

Cisco fixed several denial-of-service (DoS) vulnerabilities in Cisco Unity Connection, the company’s unified messaging platform.

The security holes affect Cisco Unity Connection version 10.0 and prior, but only if the product is configured with Session Initiation Protocol (SIP) trunk integration. Skinny Call Control Protocol (SCCP) integrations do not suffer from the issue.


One of the flaws patched by Cisco exists in the Connection Conversation Manager (CuCsMgr) process due to the incorrect processing of certain UDP packets (CVE-2015-0612). A remote attacker can exploit the bug to cause the SIP network port UDP 5060 to close by sending a specially crafted UDP packet to the targeted device. Once the port closes, Unity Connection can no longer process any calls, Cisco said in its advisory.

Two other CuCsMgr vulnerabilities can trigger a core dump of the process and cause a DoS condition when an attacker sends specially crafted SIP INVITE messages to the Cisco Unity Connection server (CVE-2015-0613, CVE-2015-0614). The flaws are the result of incorrect processing of crafted SIP INVITE messages, and they can be exploited over UDP, TCP, or TLS connections. These security holes are similar, but they are not the same because each involves a different part of the SIP INVITE message being processed incorrectly, Cisco said.

A similar vulnerability (CVE-2015-0616) comes from the incorrect handling of abnormally terminated SIP conversations. An attacker can cause a core dump and a DoS condition by causing the incorrect termination of TCP SIP conversations.

Cisco resolved a remotely exploitable flaw that can cause all SIP ports to become busy (CVE-2015-0615). All SIP connection lines can become blocked because in some scenarios allocated resources are not released properly. Once a DoS condition appears, the only way to restore service is by restarting the conversation manager.

All of these vulnerabilities can be exploited over IPv4 or IPv6 communications.

Cisco released updates for each of the affected versions of the software. Cisco Unity Connection 10.5 and certain 10.0 releases do not suffer from the issue.

The company said it’s not aware of instances where anyone has exploited these vulnerabilities, but some network scanners can exploit CVE-2015-0612.
