发布时间 :2004-01-21 00:00:00
修订时间 :2008-09-05 16:42:16

[原文]The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

[CNNVD]Cisco Voice Product IBM Director Agent无需验证获取远程管理权限访问漏洞(CNNVD-200401-057)

        IBM Director与Cisco语音设备一起安装在IBM服务器上存在一个安全问题,远程攻击者可以利用这个漏洞未授权进行管理访问。
        IBM服务器上的Cisco语音产品默认安装时会安装IBM Director,默认会以不安全方式打开TCP和UDP 14247端口,利用任何Director Server/Console代理无需验证可通过14247端口以管理员权限进行访问。可进行关闭、重启、远程命令执行、文件传输、网络配置修改等操作。

- CVSS (基础分值)

CVSS分值: 10 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: COMPLETE [系统完整性可被完全破坏]
可用性影响: COMPLETE [可能导致系统完全宕机]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-287 [认证机制不恰当]

- CPE (受影响的平台与产品)

cpe:/h:cisco:call_manager:3.1%282%29Cisco Call Manager 3.1.2
cpe:/h:ibm:x342IBM X342
cpe:/h:cisco:call_manager:3.1Cisco Call Manager 3.1
cpe:/o:cisco:conference_connection:1.1%281%29Cisco Conference Connection 1.1 (1)
cpe:/h:cisco:internet_service_nodeCisco Internet Service Node
cpe:/a:cisco:ip_call_center_express_standard:3.0Cisco IP Call Center Express Standard 3.0
cpe:/h:cisco:call_manager:3.2Cisco Call Manager 3.2
cpe:/h:ibm:mcs-7815-1000IBM MCS-7815-1000
cpe:/h:ibm:mcs-7815i-2.0IBM MCS-7815I-2.0
cpe:/a:cisco:personal_assistant:1.3%284%29Cisco Personal Assistant 1.3 (4)
cpe:/a:cisco:ip_call_center_express_enhanced:3.0Cisco IP Call Center Express Enhanced 3.0
cpe:/a:cisco:personal_assistant:1.3%283%29Cisco Personal Assistant 1.3 (3)
cpe:/h:ibm:x345IBM X345
cpe:/o:cisco:conference_connection:1.2Cisco Conference Connection 1.2
cpe:/a:cisco:ip_interactive_voice_response:3.0Cisco IP Interactive Voice Response 3.0
cpe:/h:ibm:mcs-7835i-2.4IBM MCS-7835I-2.4
cpe:/a:ibm:director_agent:3.11IBM Director Agent 3.11
cpe:/a:cisco:personal_assistant:1.3%282%29Cisco Personal Assistant 1.3 (2)
cpe:/a:ibm:director_agent:2.2IBM Director Agent 2.2
cpe:/h:cisco:call_manager:3.1%283a%29Cisco Call Manager 3.1.3a
cpe:/h:ibm:x340IBM X340
cpe:/a:cisco:personal_assistant:1.3%281%29Cisco Personal Assistant 1.3 (1)
cpe:/h:ibm:mcs-7835i-3.0IBM MCS-7835I-3.0
cpe:/a:cisco:emergency_responder:1.1Cisco Emergency Responder 1.1
cpe:/h:cisco:call_manager:2.0Cisco Call Manager 2.0
cpe:/h:cisco:call_manager:1.0Cisco Call Manager 1.0
cpe:/a:cisco:personal_assistant:1.4%281%29Cisco Personal Assistant 1.4(1)
cpe:/h:cisco:call_manager:3.0Cisco Call Manager 3.0
cpe:/h:cisco:call_manager:3.3Cisco Call Manager 3.3
cpe:/h:cisco:call_manager:4.0Cisco Call Manager 4.0
cpe:/h:cisco:call_manager:3.3%283%29Cisco Call Manager 3.3.3
cpe:/a:cisco:personal_assistant:1.4%282%29Cisco Personal Assistant 1.4(2)

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  ciscovoice-ibmservers-admin-access(14900)
(VENDOR_ADVISORY)  CISCO  20040121 Voice Product Vulnerabilities on IBM Servers

- 漏洞信息

Cisco Voice Product IBM Director Agent无需验证获取远程管理权限访问漏洞
危急 访问验证错误
2004-01-21 00:00:00 2005-10-20 00:00:00
        IBM Director与Cisco语音设备一起安装在IBM服务器上存在一个安全问题,远程攻击者可以利用这个漏洞未授权进行管理访问。
        IBM服务器上的Cisco语音产品默认安装时会安装IBM Director,默认会以不安全方式打开TCP和UDP 14247端口,利用任何Director Server/Console代理无需验证可通过14247端口以管理员权限进行访问。可进行关闭、重启、远程命令执行、文件传输、网络配置修改等操作。

- 公告与补丁

        cisco-sa-20040121-voice:Voice Product Vulnerabilities on IBM Servers


- 漏洞信息

Cisco Voice Products Director Agent Insecure Default Installation

- 漏洞描述

Cisco Voice Products contain a flaw that may allow a malicious user to gain control of the server. The issue is caused by an insecure default installation of IBM Director. It is possible that the flaw may allow an attacker trivial access to administrative privileges resulting in a loss of confidentiality, integrity, and/or availability.

- 时间线

2004-01-21 2004-01-21
Unknow Unknow

- 解决方案

The vulnerabilities are specific to Cisco voice products on IBM servers and all vulnerabilities listed in this advisory can be mitigated with the repair script without requiring an upgrade.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Cisco Voice Product IBM Director Agent Unauthorized Remote Administrative Access Vulnerability
Access Validation Error 9468
Yes No
2004-01-21 12:00:00 2009-07-12 02:06:00
This issue was announced by Cisco.

- 受影响的程序版本

IBM X345
IBM X342
IBM X340
IBM X330 8674
IBM X330 8654
IBM MCS-7835I-3.0
IBM MCS-7835I-2.4
IBM MCS-7815I-2.0
IBM MCS-7815-1000
IBM Director Agent 3.11
IBM Director Agent 2.2
Cisco Personal Assistant 1.4 (2)
Cisco Personal Assistant 1.4 (1)
Cisco Personal Assistant 1.3 (4)
Cisco Personal Assistant 1.3 (3)
Cisco Personal Assistant 1.3 (2)
Cisco Personal Assistant 1.3 (1)
Cisco IP Interactive Voice Response (IP IVR) 3.0
Cisco IP Call Center Express (IPCC Express) Standard 3.0
Cisco IP Call Center Express (IPCC Express) Enhanced 3.0
Cisco Internet Service Node
Cisco Emergency Responder 1.1
Cisco Conference Connection 1.2
Cisco Conference Connection 1.1 (1)
Cisco Call Manager 4.0
Cisco Call Manager 3.3 (3)
Cisco Call Manager 3.3
Cisco Call Manager 3.2
+ Cisco VoIP Phone 7902G 0
+ Cisco VoIP Phone 7905G 0
+ Cisco VoIP Phone 7912G 0
Cisco Call Manager 3.1 (3a)
Cisco Call Manager 3.1 (2)
Cisco Call Manager 3.1
Cisco Call Manager 3.0
Cisco Call Manager 2.0
Cisco Call Manager 1.0

- 漏洞讨论

IBM Director agents installed with Cisco voice products on IBM servers are prone to a vulnerability that could permit remote attackers to gain unauthorized administrative access. This could be exploited by any Director Server/Console agent that can connect to the administrative port.

Administrative access will permit the attacker to take various malicious actions, including remote command execution, reconfiguration and stopping/starting services.

- 漏洞利用

There is no exploit required.

- 解决方案

Cisco has released an repair script to address this issue by disabling access to the exposed ports. The script is available at the following location:

Further details are also provided in the attached Cisco advisory.

- 相关参考