Cisco patches potentially crippling VoIP flaws

Cisco late Wednesday patched seven severe vulnerabilities in its widely used internet telephony software that could permit device compromise or system shutdown.

The bugs – rated “highly critical” by vulnerability tracking firm Secunia – were reported in 16 devices from the networking giant's Unified IP Phone 7900 series, according to a Cisco advisory. Affected phones are those running the industry-standard Session Initiation Protocol (SIP), Cisco's proprietary Skinny Client Control Protocol (SCCP), or both.

Four of the VoIP flaws are overflow vulnerabilities, caused by handling errors that could result in the installation of malicious code on a victim's phone. Another two bugs could permit specially crafted packets to launch DoS attacks. And a final vulnerability may allow privilege escalation.

Dave Endler, director of security research at TippingPoint and author of Hacking Exposed: VoIP, told today that organizations can protect against these attacks with a defense-in-depth strategy.

That includes implementing a VoIP-aware firewall and intrusion prevention system, as well as placing voice and data traffic on separate virtual local area networks (VLANs), he said. If a business has those controls in place, insider access likely would be required to exploit the vulnerabilities.

While a widespread VoIP worm appears unlikely in the short term, Endler said more attacks will target internet telephony software going forward.

“More and more people are looking at VoIP now that it's getting more popular,” he said. “Just because you see more bugs doesn't mean it's getting less secure. The tools to discover these types of vulnerabilities are being more widely disseminated. There are many more free tools that anyone can download and run against these phones.”

Meanwhile, Cisco separately fixed a less critical vulnerability in its Unified Communications Manager.

The product, which provides call processing functionality for Cisco IP phones, is susceptible to a SQL injection attack that could grant authentication privileges, allowing attackers to steal information, such as usernames, password hashes and call records.