CERT-MU Vulnerability Note VN-2008-19

Cisco Unified Communications Manager CAPF Service Denial of Service Vulnerability

Original Issue Date: January 30, 2009

Severity Rating: High

Systems Affected

• Cisco Unified Communications Manager 5.x versions prior to 5.1(3e)
• Cisco Unified Communications Manager 6.x versions prior to 6.1(3)

Overview

A vulnerability has been reported in Cisco Unified Communications Manager that could allow an unauthenticated, remote attacker to create a denial of service condition.

Description

Cisco Unified Communications Manager (CUCM), formerly Cisco Unified CallManager and Cisco CallManager (CCM), is a software-based telephony call-processing system. The Certificate Authority Proxy Function (CAPF) utility is used to create and manage locally significant certificates. The CAPF utility generates a key pair and certificate that is specific for CAPF, and the utility copies this certificate to all CUCM servers in the cluster.

A vulnerability exists in the Certificate Authority Proxy Function (CAPF) service of Cisco Unified Communications Manager that may be exploited by the attacker by sending specially crafted data to TCP port 3804 to cause denial of service conditions.

Workarounds

• Disable the CAPF service if it is not necessary for business operations.
• Restrict the access over TCP port 3804.
• Change the default port for the CAPF service.

Solution

Apply appropriate fixed versions as mentioned in CISCO Security Advisory

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Vendor Information

CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml

CVE Name

CVE-2009-0057

References

CISCO
http://www.cisco.com/warp/public/707/cisco-sa-20090121-cucmcapf.shtml
http://tools.cisco.com/security/center/viewAlert.x?alertId=17415

SecurityTracker
http://www.securityfocus.com/bid/33379

SecurityFocus
http://secunia.com/advisories/33656

Secunia
http://secunia.com/advisories/33588