发布时间 :2004-01-21 00:00:00
修订时间 :2008-09-05 16:42:16

[原文]Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning.

[CNNVD]Cisco Voice Product IBM Director Agent端口扫描拒绝服务漏洞(CNNVD-200401-056)

        IBM Director与Cisco语音设备一起安装在IBM服务器上存在一个安全问题,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
        IBM服务器上的Cisco语音产品默认安装时会安装IBM Director,默认会以不安全方式打开TCP和UDP 14247端口,通过普通的网络端口扫描程序进行扫描,会导致IBM Director代理处理twgipc.exe时消耗大量CPU时间,从而停止其他的响应。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-399 [资源管理错误]

- CPE (受影响的平台与产品)

cpe:/h:cisco:call_manager:3.1%282%29Cisco Call Manager 3.1.2
cpe:/h:ibm:x342IBM X342
cpe:/h:cisco:call_manager:3.1Cisco Call Manager 3.1
cpe:/o:cisco:conference_connection:1.1%281%29Cisco Conference Connection 1.1 (1)
cpe:/h:cisco:internet_service_nodeCisco Internet Service Node
cpe:/a:cisco:ip_call_center_express_standard:3.0Cisco IP Call Center Express Standard 3.0
cpe:/h:cisco:call_manager:3.2Cisco Call Manager 3.2
cpe:/h:ibm:mcs-7815-1000IBM MCS-7815-1000
cpe:/h:ibm:mcs-7815i-2.0IBM MCS-7815I-2.0
cpe:/a:cisco:personal_assistant:1.3%284%29Cisco Personal Assistant 1.3 (4)
cpe:/a:cisco:ip_call_center_express_enhanced:3.0Cisco IP Call Center Express Enhanced 3.0
cpe:/a:cisco:personal_assistant:1.3%283%29Cisco Personal Assistant 1.3 (3)
cpe:/h:ibm:x345IBM X345
cpe:/o:cisco:conference_connection:1.2Cisco Conference Connection 1.2
cpe:/a:cisco:ip_interactive_voice_response:3.0Cisco IP Interactive Voice Response 3.0
cpe:/h:ibm:mcs-7835i-2.4IBM MCS-7835I-2.4
cpe:/a:ibm:director_agent:3.11IBM Director Agent 3.11
cpe:/a:cisco:personal_assistant:1.3%282%29Cisco Personal Assistant 1.3 (2)
cpe:/a:ibm:director_agent:2.2IBM Director Agent 2.2
cpe:/h:cisco:call_manager:3.1%283a%29Cisco Call Manager 3.1.3a
cpe:/h:ibm:x340IBM X340
cpe:/a:cisco:personal_assistant:1.3%281%29Cisco Personal Assistant 1.3 (1)
cpe:/h:ibm:mcs-7835i-3.0IBM MCS-7835I-3.0
cpe:/a:cisco:emergency_responder:1.1Cisco Emergency Responder 1.1
cpe:/h:cisco:call_manager:2.0Cisco Call Manager 2.0
cpe:/h:cisco:call_manager:1.0Cisco Call Manager 1.0
cpe:/a:cisco:personal_assistant:1.4%281%29Cisco Personal Assistant 1.4(1)
cpe:/h:cisco:call_manager:3.0Cisco Call Manager 3.0
cpe:/h:cisco:call_manager:3.3Cisco Call Manager 3.3
cpe:/h:cisco:call_manager:4.0Cisco Call Manager 4.0
cpe:/h:cisco:call_manager:3.3%283%29Cisco Call Manager 3.3.3
cpe:/a:cisco:personal_assistant:1.4%282%29Cisco Personal Assistant 1.4(2)

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  CISCO  20040121 Voice Product Vulnerabilities on IBM Servers
(VENDOR_ADVISORY)  XF  ciscovoice-ibmservers-dos(14901)

- 漏洞信息

Cisco Voice Product IBM Director Agent端口扫描拒绝服务漏洞
中危 其他
2004-01-21 00:00:00 2005-10-20 00:00:00
        IBM Director与Cisco语音设备一起安装在IBM服务器上存在一个安全问题,远程攻击者可以利用这个漏洞进行拒绝服务攻击。
        IBM服务器上的Cisco语音产品默认安装时会安装IBM Director,默认会以不安全方式打开TCP和UDP 14247端口,通过普通的网络端口扫描程序进行扫描,会导致IBM Director代理处理twgipc.exe时消耗大量CPU时间,从而停止其他的响应。

- 公告与补丁

        cisco-sa-20040121-voice:Voice Product Vulnerabilities on IBM Servers


- 漏洞信息

Cisco Voice Products Director Agent DoS
Denial of Service
Loss of Availability

- 漏洞描述

Cisco voice products on IBM servers contain a flaw that may allow a remote denial of service. The issue is triggered by an insecure installation of IBM Director by the Cisco default installations, and will result in loss of availability for the platform.

- 时间线

2004-01-21 2004-01-21
Unknow Unknow

- 解决方案

The vulnerabilities are specific to Cisco voice products on IBM servers and all vulnerabilities listed in this advisory can be mitigated with the repair script without requiring an upgrade.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Cisco Voice Product IBM Director Agent Port Scan Denial Of Service Vulnerability
Failure to Handle Exceptional Conditions 9469
Yes No
2004-01-21 12:00:00 2009-07-12 02:06:00
This issue was announced by Cisco.

- 受影响的程序版本

IBM X345
IBM X342
IBM X340
IBM X330 8674
IBM X330 8654
IBM MCS-7835I-3.0
IBM MCS-7835I-2.4
IBM MCS-7815I-2.0
IBM MCS-7815-1000
IBM Director Agent 3.11
IBM Director Agent 3.1
IBM Director Agent 2.2
Cisco Personal Assistant 1.4 (2)
Cisco Personal Assistant 1.4 (1)
Cisco Personal Assistant 1.3 (4)
Cisco Personal Assistant 1.3 (3)
Cisco Personal Assistant 1.3 (2)
Cisco Personal Assistant 1.3 (1)
Cisco IP Interactive Voice Response (IP IVR) 3.0
Cisco IP Call Center Express (IPCC Express) Standard 3.0
Cisco IP Call Center Express (IPCC Express) Enhanced 3.0
Cisco Internet Service Node
Cisco Emergency Responder 1.1
Cisco Conference Connection 1.2
Cisco Conference Connection 1.1 (1)
Cisco Call Manager 4.0
Cisco Call Manager 3.3 (3)
Cisco Call Manager 3.3
Cisco Call Manager 3.2
+ Cisco VoIP Phone 7902G 0
+ Cisco VoIP Phone 7905G 0
+ Cisco VoIP Phone 7912G 0
Cisco Call Manager 3.1 (3a)
Cisco Call Manager 3.1 (2)
Cisco Call Manager 3.1
Cisco Call Manager 3.0
Cisco Call Manager 2.0
Cisco Call Manager 1.0

- 漏洞讨论

IBM Director installed with Cisco voice products on IBM servers has been reported prone to a remote denial of service vulnerability. The issue is reported to present itself when a port that is associated with the affected software is scanned with a port scanner. This will cause the target Cisco voice server to become inoperative until the affected server is rebooted.

- 漏洞利用

This vulnerability can be exploited using a security port scanner tool. This issue is known to be reproducible for IBM Director Agent using the THC Amap utility to portscan TCP port 14247.

- 解决方案

Cisco has released an repair script to address this issue by disabling access to the exposed ports. The script is available at the following location:

Further details are also provided in the attached Cisco advisory.

- 相关参考