Full Disclosure mailing list archives

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager

From: Cisco Systems Product Security Incident Response Team <psirt () cisco com>
Date: Wed, 17 Jul 2013 12:05:30 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco Unified Communications Manager

Advisory ID: cisco-sa-20130717-cucm

Revision 1.0

For Public Release 2013 July 17 16:00  UTC (GMT)
+---------------------------------------------------------------------

Summary
=======

Cisco Unified Communications Manager (Unified CM) contains multiple vulnerabilities that could be used together to 
allow an unauthenticated, remote attacker to gather user credentials, escalate privileges, and execute commands to gain 
full control of the vulnerable system. A successful attack could allow an unauthenticated attacker to access, create or 
modify information in Cisco Unified CM. 

On June 6, 2013, a French security firm, Lexfo, delivered a public presentation on VoIP security that included a 
demonstration of multiple vulnerabilities used to compromise Cisco Unified CM. During the presentation, the researchers 
demonstrated a multistaged attack that chained a number of vulnerabilities Structured Query Language (SQL) resulted in 
a complete compromise of the Cisco Unified CM server. The attack chain used the following types of vulnerabilities:

        Blind Structured Query Language (SQL) injection
        Command injection
        Privilege escalation

Cisco PSIRT greatly appreciates the opportunity to work with researchers on security vulnerabilities and welcomes the 
opportunity to review and assist in product reports.

Cisco has released a Cisco Options Package (COP) file that addresses three of the vulnerabilities documented in this 
advisory. Cisco is currently investigating the remaining vulnerabilities. Workarounds that mitigate these 
vulnerabilities are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAlHmuDIACgkQUddfH3/BbToEPQD8DVafTVfADAudnDxHoWDaLH/9
QcTIkQJn172juCFf9DAA/05OUssmg521DQBq7sgRS10R6pkATwDoSyh4+fz8a6lS
=yPA7
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Cisco Security Advisory: Multiple Vulnerabilities in Cisco Unified Communications Manager Cisco Systems Product Security Incident Response Team (Jul 17)