From: SecuriTeam <support@securiteam.com.>
To: [email protected]
Date: 11 Jan 2007 14:17:05 +0200
Subject: [NEWS] Cisco Unified Contact Center and IP Contact Center JTapi Gateway Vulnerability
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20070111115534.BCE425855@mail.tyumen.ru.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Cisco Unified Contact Center and IP Contact Center JTapi Gateway
Vulnerability
------------------------------------------------------------------------
SUMMARY
Cisco Unified Contact Center Enterprise, Cisco Unified Contact Center
Hosted, Cisco IP Contact Center Enterprise, and Cisco IP Contact Center
Hosted editions are affected by a vulnerability that may result in the
restart of JTapi Gateway process. Until this process restarts, no new
connections can be processed. Existing connections will continue to work.
Cisco Unified Contact Center Express and Cisco IP Contact Center Express
are not affected by this vulnerability.
Cisco has made free software available to address this vulnerability for
affected customers.
DETAILS
Vulnerable Products:
All versions of Cisco Unified Contact Center Enterprise, Cisco Unified
Contact Center Hosted, Cisco IP Contact Center Enterprise, and Cisco IP
Contact Center Hosted editions are affected.
Products Confirmed Not Vulnerable
* Cisco Unified Contact Center Express and Cisco IP Contact Center
Express editions are not affected.
* Cisco Unified Intelligent Contact Management Enterprise and Hosted are
not affected.
No other Cisco products are known to be affected by this vulnerability.
Details:
Cisco Unified Contact Center Enterprise (formerly Cisco IP Contact Center
[IPCC] Enterprise), an integral component of the Cisco Unified
Communications system, provides intelligent routing and call treatment
with blending of multiple communication channels.
Cisco Unified Contact Center Hosted (formerly known as Cisco IP Contact
Center [IPCC] Hosted) is a platform that enables customers to move to a
Customer Interaction Network. The Customer Interaction Network is a
distributed, IP-based customer service infrastructure comprising a suite
of multichannel services and customer relationship management
applications.
A vulnerability exists in all versions of Cisco Unified Contact Center
Enterprise, Cisco Unified Contact Center Hosted, Cisco IP Contact Center
Enterprise, and Cisco IP Contact Center Hosted editions that may result in
the restart of JTapi Gateway process. The restart of this process can take
up to several minutes and during this time no new calls can be processed.
Existing calls continue to work. If the system is deployed in a redundant
way, the redundant system will take over preventing a loss of service.
However the JTapi Gateway on the redundant system can also be restarted by
exploiting the same vulnerability.
To exploit this vulnerability, an attacker will need to complete a 3-way
TCP handshake to the JTapi server port. This port number can be dependent
on how the product is deployed and whether there is a redundant pair of
servers. It can be found in the Windows registry by looking up the
jtapiServerPortNumber value in the Windows Registry, located at:
* HKEY_LOCAL_MACHINE\SOFTWARE\Cisco Systems,
Inc.\ICM\[instanceName]\PG[Number][A/B]\PG\CurrentVersion\JGWS\jgw[number]\JGWData\Config.
Impact:
Successful exploitation of the vulnerability may result in the restart of
JTapi Gateway process. Restarting this process can take several minutes
and during this time no new calls can be processed. Existing calls
continue to work without any problems.
Workarounds:
No workarounds exist for this vulnerability. The following general
mitigation actions are relevant for this vulnerability: Ensuring the Cisco
Unified Contact Center or Cisco IP Contact Center is physically or
logically separated from the data network and isolated from the Internet
which will limit the exposure to the exploitation of the vulnerability
from the Internet or internal data networks.
Apply access control lists (ACLs) on routers, switches, and firewalls
installed in front of the vulnerable network device such that TCP/IP
traffic destined for the Cisco Unified Contact Center or Cisco IP Contact
Center is allowed only from trusted sources. Refer to
<http://www.cisco.com/warp/public/707/tacl.html>;
http://www.cisco.com/warp/public/707/tacl.html for examples on how to
apply ACLs on Cisco routers.
ADDITIONAL INFORMATION
The information has been provided by <mailto:psirt@cisco.com.> Cisco
Systems Product Security Incident Response Team.
The original article can be found at:
<http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml>;
http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: [email protected]
In order to subscribe to the mailing list, simply forward this email to: [email protected]
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
