Voice Vulnerabilities in Cisco IOS and Cisco Unified Communications Manager - Cisco Systems

This script is (C) 2010-2014 Tenable Network Security, Inc.


Synopsis :

The remote device is missing a vendor-supplied security patch.

Description :

Multiple voice-related vulnerabilities are identified in Cisco IOS
software, one of which is also shared with Cisco Unified Communications
Manager. These vulnerabilities pertain to the following protocols or
features:

- Session Initiation Protocol (SIP)
- Media Gateway Control Protocol (MGCP)
- Signaling protocols H.323, H.254
- Real-time Transport Protocol (RTP)
- Facsimile reception

There are no workarounds available to mitigate the effects of any of
the vulnerabilities apart from disabling the protocol or feature
itself.

See also :

http://www.nessus.org/u?72cd133d
http://www.nessus.org/u?1d1a6095

Solution :

Apply the relevant patch referenced in Cisco Security Advisory
cisco-sa-20070808-IOS-voice.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 49007 (cisco-sa-20070808-IOS-voice.nasl)

Bugtraq ID: 25239

CVE ID: CVE-2007-4291
CVE-2007-4292
CVE-2007-4293
CVE-2007-4294
CVE-2007-4295