Security updates: Root attacks on Cisco VoIP adapters possible
Attackers can target several Cisco products and, in the worst case, compromise systems.
VoIP adapters from Cisco, among others, are vulnerable. The network supplier has now released security patches.
Vulnerabilities and patches
The most dangerous are eight vulnerabilities (including CVE-2024-20420 "medium", CVE-2024-20421 "high", CVE-2024-20459 "medium") in VoIP adapters of the ATA 190 series (ATA 191 Multiplatform or on-premise, ATA 192 Multiplatform).
These adapters turn analog telephones into VoIP devices. According to the warning message, in the worst case remote attackers can execute their own commands as root. This is due to insufficient input validation in the web management interface. In addition, attackers can view passwords and trigger a reboot on devices, among other things. Software versions 11.2.5 and 12.0.2 are protected against these attacks.
Due to a vulnerability (CVE-2024-20280 "medium") in the backup function of UCS Central, attackers can access information that should not be visible to them. This is due to a weakness in the encryption of the backup function. UCS Central 2.0(1v) is protected against such an attack. All previous versions are said to be vulnerable.
Unified Contact Center Management Portal (CCMP) is vulnerable to an XSS attack (CVE-2024-20512 "medium"). Unified CCMP up to and including 12.5 should not be vulnerable to this. For 12.6, the repaired version 12.6(1)_ES13 is available for download.
Indications of attacks?
Cisco states that it currently has no information on ongoing attacks. Unfortunately, the manufacturer does not give admins any information on intrusion traces in the warning messages, which makes it more difficult for them to recognize attacks that have already taken place.
(des)