Reference: CERT-EU Security Advisory 2012-0026

Title: Unified Communications Manager Skinny Client Control Protocol Vulnerabilities [1]

Version history:
01.03.2012 Initial publication

Summary
=======

CVSS Base Scores

CVE-2011-4486: SCCP Registration may Cause Reload
CVSS v2 Base Score: 7.8 (HIGH) (AV:N/AC:L/Au:N/C:N/I:N/A:C) [3]

CVE-2011-4487: Vulnerable to blind SQL Injection during registration
CVSS v2 Base Score: 5.8 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:P) [3]

Affected Versions
=================

For both vulnerabilities:

* Cisco Unified Communications Manager Software versions 6.x
* Cisco Unified Communications Manager Software versions 7.x
* Cisco Unified Communications Manager Software versions 8.x
* Cisco Business Edition 3000
* Cisco Business Edition 5000
* Cisco Business Edition 6000

Original Details
================

CVE-2011-4486: SCCP Registration may Cause Reload

Cisco Unified Communications Manager may reload when a specially crafted SCCP message is processed. Successful exploitation could cause a loss of all voice services that are being handled by the affected device. After the device restarts, voice services will be restored.

CVE-2011-4487: Vulnerable to blind SQL Injection during registration

Cisco Unified Communications Manager may allow the blind execution of attacker-controlled SQL code when processing a specially crafted SCCP message. Successful exploitation could allow the attacker to modify certain sections of the SQL database that are utilized by the device.

What can you do?
================

Deploy the updated versions of the software [2].

Workarounds: Administrators can mitigate these vulnerabilities by limiting access to TCP ports 2000 and 2443 so that only traffic from networks that require SCCP access reaches the Cisco Unified Communications Manager appliances.

Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory [4].

What to tell your users?
========================

N/A

More information
================

[1] CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120229-cucm
[2] CISCO Software Download http://www.cisco.com/cisco/software/find.html?q=nx-os
[3] Information about CVSS: http://www.first.org/cvss/cvss-guide.html
[4] Mitigation http://tools.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20120229-cucm

Best regards,
CERT-EU

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383

(DISCLAIMER: CERT-EU, the CERT for the EU institutions, is currently in its setup phase, until May 2012. Services are provided in a pilot fashion, and are not yet fully functional. Announcements, alerts and warnings are sent out in best effort manner, and to contact information currently known to us. We apologise if you are not the correct recipient, or if you had already been warned about this issue from another source. Format, content and way of alerting are subject to change in the future. Contact information or even the team name may change as well.)
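One way to check that the workaround under "What can you do?" is in effect, as an added example that is not part of the CERT-EU or Cisco text: the script audits firewall or flow records for permitted TCP 2000/2443 connections to Unified Communications Manager from sources outside the networks that need SCCP. The record format, the host address and the allowed network are assumptions (documentation-range placeholders), and the sample records are constructed.

```python
import ipaddress

SCCP_PORTS = {2000, 2443}  # TCP ports named in the advisory workaround

# Assumptions (placeholders, not from the advisory): documentation-range addresses
CUCM_HOSTS = {ipaddress.ip_address("192.0.2.10")}
ALLOWED_SCCP_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # e.g. a voice VLAN

# Constructed sample records: "src_ip dst_ip proto dst_port action"
SAMPLE_FLOWS = """\
198.51.100.23 192.0.2.10 tcp 2000 permit
203.0.113.77 192.0.2.10 tcp 2000 permit
203.0.113.77 192.0.2.10 tcp 2443 deny
198.51.100.40 192.0.2.10 tcp 2443 permit
203.0.113.5 192.0.2.10 tcp 443 permit
203.0.113.9 192.0.2.10 udp 2000 permit
not-a-flow-line
"""

def parse_flow(line):
    """Return (src, dst, proto, port, action), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        return (ipaddress.ip_address(parts[0]), ipaddress.ip_address(parts[1]),
                parts[2].lower(), int(parts[3]), parts[4].lower())
    except ValueError:
        return None

def unexpected_sccp_flows(text, cucm_hosts=CUCM_HOSTS, allowed=ALLOWED_SCCP_NETS):
    """List permitted TCP 2000/2443 flows to CUCM from outside the allowed networks."""
    findings = []
    for line in text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue  # skip lines that are not flow records
        src, dst, proto, port, action = flow
        if dst not in cucm_hosts or proto != "tcp" or port not in SCCP_PORTS:
            continue  # not SCCP traffic towards a CUCM appliance
        if action != "permit":
            continue  # already blocked by the filter
        if not any(src in net for net in allowed):
            findings.append((str(src), str(dst), port))
    return findings

if __name__ == "__main__":
    for src, dst, port in unexpected_sccp_flows(SAMPLE_FLOWS):
        print(f"SCCP reachable from outside allowed networks: {src} -> {dst}:{port}")
```

An empty result over a representative capture indicates the port restriction is holding; any finding points at a filter rule that still lets a non-SCCP network reach the registration ports.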