Advertisement
Promo

Network management Toolkit

Cisco sounds multiple security warnings

Marguerite Reardon CNET News.com

Published: 15 Jul 2005 09:40 BST

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Cisco identified several vulnerabilities in its products this week that could lead to DoS attacks.

The most noteworthy flaw was reported Tuesday when Cisco warned that hackers could cripple its Internet telephony networks by exploiting flaws in its CallManager software, an essential component of Cisco's VoIP technology, which is used for call signalling and call routing.

Cisco has issued a patch for the vulnerability, which can be found on its Web site. Internet Security Systems (ISS) also has released software that can block the attack, to help customers as they test and install the Cisco patch.

By exploiting the discovered vulnerabilities, an attacker can trigger an overflow in memory within a critical CallManager process. This can result in a DoS condition, which will cause the CallManager server to shut down and reboot. Once the CallManager server is compromised, an attacker could redirect calls and eavesdrop on calls, as well as gain unauthorised access to networks and machines running Cisco VoIP products.

Versions of the CallManager software that are vulnerable include CallManager 3.3 and earlier, 4.0 and 4.1. No attacks have been reported that exploit the CallManager flaws, said a Cisco representative.

The CallManager vulnerabilities are not considered "critical", because the attacker would need to be inside the network in order to exploit it, said Michael Sutton, director of iDefense Labs.

According to research firm Gartner, by 2007, 97 percent of new phone systems installed in North America will be VoIP-based or will use a combination of traditional and VoIP technology. Cisco claims to have sold some five million VoIP phones to customers throughout the world.

Despite the ease-of-use of VoIP, the technology behind it is complex, and security can often be an issue, security experts have said.

"Because VoIP software is still relatively immature, it is less secure than other telephony solutions," said Neel Mehta, team lead of advanced research for ISS. "There are also problems with the design of VoIP protocols that causes concern for people. These weaknesses haven't been exploited widely by hackers yet. But VoIP deployments are increasing fast, so it will become a bigger and bigger target."

NISCC issued a warning pertaining to Cisco VoIP gear back in May regarding a flaw that could crash its IP telephones. The vulnerability was associated with Cisco IP phones running the DNS protocol. DNS handles the translation of domain names into IP addresses. DNS servers are located throughout the Internet to perform this translation and to ensure that IP packets arrive at their proper destinations. Cisco issued a software patch for the vulnerability when it was first reported.

In general, VoIP networks are less secure than traditional data networks, said Elisabeth Hurrell, an analyst at Forrester Research. Because voice traffic is sensitive to delays, traditional firewalls that inspect packets can't be used. While it may not matter if email packets are delayed getting to their destination, delayed voice packets will make a call sound choppy, which is unacceptable. To alleviate this problem, certain ports will often be left open, which also opens the network up to potential attack.

"Many companies are unaware that VoIP has unique security requirements," Hurrell said. "Companies really have to think differently about security when it comes to VoIP. Their traditional security solutions is likely to not provide them enough protection."

On Wednesday, Cisco announced security vulnerabilities in two other products that could allow DoS attacks. It reported that the Cisco ONS 15216 OADM contains a vulnerability in the handling of telnet sessions that can cause a denial-of-service condition.

And the Cisco Security Agent, a network security software agent that provides threat protection for server and desktop computers, can also be exploited by a specially crafted IP packet, which may cause the device to stop functioning and reload. Patches for the OADM product and the Security Agent can be found on Cisco's Web site.

Sutton also rated these vulnerabilities as important, but not "critical".

CNET News.com's Dawn Kawamoto contributed to this report.

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

Did you find this article useful?
87 out of 141 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Network management


Related Jobs

Excellent Communications Specialist Opportunity

Systems Administrator/ Engineer (MS, Exchange, VMware, Cisco)

Security Pre- Sales Consultant

Video icon

Video

On The Road Blog

The Right Mouse for the Job

It seems to me that the computer mouse is often almost an afterthought, or even gets no thought at all, when configuring or setting up a computer. In many cases (I might even go so... More

Post a comment

Apple patents point to haptics, finger...

Three patent applications made by Apple were published on Thursday, covering technologies including haptics, fingerprint recognition and RFID. The haptic feedback patent, if approved,... More

Post a comment

WiFi vs. Mobile Broadband (HSPA)

I have to say first that I am mildly surprised to be writing this. I'm sitting in Starbucks, where I came to spend an hour drinking coffee and using their public WiFi access before... More

1 comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

ALL TOOLKITS

Blogs

Newsletters