
Cisco Patches IOS Software, UC Manager Bugs

Cisco releases nine security advisories addressing bugs in two of its most important platforms. Exploitation of the individual vulnerabilities could result in denial of service conditions, interface queue wedges or Border Gateway Protocol session resets.

The vast majority of the bug fixes are designed to close holes through which denial-of-service attacks could be launched.

According to the company, the Session Initiation Protocol (SIP) implementation in its IOS Software and its IOS XE Software has a bug that could enable a remote attacker to cause a device to reload, provided the device is configured to process SIP messages and for pass-through of Session Description Protocol (SDP).


"This vulnerability is triggered when an affected device processes a crafted SIP message that contains a valid Session Description Protocol (SDP) message," the advisory reports. "Only traffic destined to the device can trigger the vulnerability; transit SIP traffic is not an exploit vector. SDP pass-through must be enabled, either at the global level, or at the dial-peer level, for a device to be affected by this vulnerability."
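An added example (not from the article or from Cisco) that audits a saved IOS running-config for the SDP pass-through condition the advisory describes, at both the global and the dial-peer level. The command strings `pass-thru content sdp` and `voice-class sip pass-thru content sdp` are standard IOS voice CLI forms that do not appear in the article, and the sample configuration is constructed.

```python
"""Flag SDP pass-through settings in a Cisco IOS running-config (added example)."""

# Assumed CLI forms (IOS voice configuration, not quoted in the article):
GLOBAL_CMD = "pass-thru content sdp"  # under: voice service voip -> sip
DIAL_PEER_CMD = "voice-class sip pass-thru content sdp"  # under: dial-peer voice N voip

# Constructed sample running-config excerpt.
SAMPLE = """\
hostname edge-cube-01
!
voice service voip
 allow-connections sip to sip
 sip
  pass-thru content sdp
!
dial-peer voice 100 voip
 session protocol sipv2
 voice-class sip pass-thru content sdp
!
dial-peer voice 200 voip
 session protocol sipv2
!
"""

def find_sdp_passthrough(config_text):
    """Return (scope, section) pairs where SDP pass-through is enabled."""
    findings = []
    section = ""     # current top-level configuration section
    in_sip = False   # inside the 'sip' sub-mode of 'voice service voip'
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "!":
            continue
        indent = len(raw) - len(raw.lstrip())
        if indent == 0:              # a new top-level section starts
            section, in_sip = line, False
        elif section == "voice service voip":
            if indent == 1:          # sub-mode boundary (sip, h323, ...)
                in_sip = (line == "sip")
            elif in_sip and line == GLOBAL_CMD:
                findings.append(("global", section))
        elif section.startswith("dial-peer voice ") and line == DIAL_PEER_CMD:
            findings.append(("dial-peer", section))
    return findings

if __name__ == "__main__":
    for scope, where in find_sdp_passthrough(SAMPLE):
        print(f"SDP pass-through enabled ({scope}): {where}")
```

A finding means only that the pass-through precondition is met; whether the device also processes SIP and runs an affected release still has to be checked against the advisory.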

The Unified Communications Manager (UCM) bug fix is intended to close an issue with the product's Session Initiation Protocol (SIP) implementation that could enable an attacker to take down voice services. As with the IOS vulnerability, the devices must be configured to support SIP messages for this attack to work.

Unified Communications Manager is the call-processing component of the vendor's IP Telephony products, providing various enterprise telephony features and functions to VoIP systems. SIP is used to manage voice and video calls across IP networks, including call setup and termination. The vulnerability closed by the corresponding patch could cause the system to fail when it processes a malicious SIP message that contains a valid Session Description Protocol (SDP) message, in cases where the traffic is legitimately addressed to the device.

Cisco has released free software updates that address all of the targeted vulnerabilities.

Cisco releases bundles of Cisco IOS Software Security Advisories on the fourth Wednesday of the month in March and September of each calendar year.

PUBLISHED SEPT. 27, 2012
