Category:   Application (VoIP)  >   Cisco Unified Communications Manager (CallManager)
Vendors:   Cisco
Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access
SecurityTracker Alert ID:  1014135
SecurityTracker URL:  http://securitytracker.com/id/1014135
CVE Reference:   CVE-2005-1942
Updated:  Nov 2 2008
Original Entry Date:  Jun 8 2005
Impact:   User access via network
Vendor Confirmed:  Yes  

Description:   A vulnerability was reported in Cisco CallManager and Cisco voice-enabled switches. A remote user on the local network can spoof the Cisco Discovery Protocol (CDP) to gain anonymous voice VLAN access.

Cisco IP Phones do not currently contain 802.1x supplicants. As a result, phones are authorized to join the voice VLAN without 802.1x authentication.

Enterprises that use 802.1x port-level authentication for VLAN data access and also use IP telephony may have a false sense of security regarding VLAN access.

FishNet Security reported this vulnerability.

The original advisory is available at:

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx

Impact:   A remote user on the local network can gain anonymous voice VLAN access.
Solution:   Cisco has provided the following workaround instructions in their Security Notice [quoted]:

Customers running newer versions of software on their Cisco Catalyst switches can take advantage of a number of features which can aid in limiting what a device can do while on the network. These features include, but are not limited to, DHCP Snooping and Port Security, Dynamic ARP Inspection (DAI) and IP Source Guard.

The whitepaper entitled Cisco Catalyst Integrated Security-Enabling the Self-Defending Network introduces the features on the Catalyst switches which can mitigate Layer 2 and Layer 3 attacks against the switch and devices connected through it.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd8015f0ae.shtml

Additionally, customers running newer versions of Cisco CallManager can take advantage of features now offered on the Cisco IP Phones and CallManager to address Layer 2 and Layer 3 based network attacks, including certificate based authentication and encryption of voice signaling and media to protect the identity, integrity, and privacy of all voice communications.

The product data sheet for Cisco CallManager Version 4.1 lists the features available for further protection of the CallManager and IP Phones.

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_data_sheet0900aecd801979f0.html


The Cisco Security Notice is available at:

http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a008048e0d6.html

Additional workaround suggestions are available in the FishNet Security advisory at:

http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx

Vendor URL:  www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
Cause:   Authentication error, Configuration error
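
The following is an added example, not part of the Cisco, FishNet Security or SecurityTracker material: a short audit that lists, for each voice-VLAN port in a Catalyst running-config, which of the compensating controls named in the workaround (DHCP Snooping, Port Security, Dynamic ARP Inspection, IP Source Guard) are not enabled. It assumes IOS-style configuration syntax; the sample configuration and the function names `vlans_for` and `audit` are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from the advisory).
SAMPLE_CONFIG = """\
ip dhcp snooping
ip dhcp snooping vlan 10,110
ip arp inspection vlan 10
!
interface FastEthernet0/1
 switchport voice vlan 110
 dot1x port-control auto
 switchport port-security
 ip verify source
!
interface FastEthernet0/2
 switchport voice vlan 110
 dot1x port-control auto
!
interface FastEthernet0/3
 dot1x port-control auto
"""

def vlans_for(config, command):
    """Union of VLAN IDs on every global '<command> vlan <list>' line."""
    out = set()
    for spec in re.findall(rf"^{command} vlan (\S+)", config, re.M):
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            out.update(range(int(lo), int(hi or lo) + 1))
    return out

def audit(config):
    """Return {interface: [controls not enabled]} for each voice-VLAN port."""
    snoop_on = re.search(r"^ip dhcp snooping[ \t]*$", config, re.M)
    snoop = vlans_for(config, "ip dhcp snooping")
    dai = vlans_for(config, "ip arp inspection")
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n?)*)", config, re.M):
        voice = re.search(r"^ switchport voice vlan (\d+)", body, re.M)
        if not voice:
            continue  # port carries no numbered voice VLAN
        vid = int(voice.group(1))
        checks = {
            "DHCP Snooping": snoop_on and vid in snoop,
            "Dynamic ARP Inspection": vid in dai,
            "Port Security": re.search(r"^ switchport port-security[ \t]*$", body, re.M),
            "IP Source Guard": re.search(r"^ ip verify source", body, re.M),
        }
        findings[name] = [ctl for ctl, ok in checks.items() if not ok]
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports FastEthernet0/1 as lacking only Dynamic ARP Inspection on its voice VLAN, and FastEthernet0/2 as lacking everything except DHCP Snooping.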
