AV:N/AC:L/Au:N/C:C/I:N/A:N/E:F/RL:OF/RC:C
-
Cisco Unified Contact Center Express (UCCX or Unified CCX) contains a denial of service (DoS) vulnerability and a directory traversal vulnerability. These vulnerabilities are independent of each other.
Exploitation of these vulnerabilities could result in a DoS condition or an information disclosure.
Cisco has released software updates that address these vulnerabilities in the latest versions of Cisco Unified Contact Center products.
This advisory is posted at https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20100609-uccx.
-
Cisco UCCX is an integrated "contact center in a box" solution for use in deployments of up to 300 agents.
Vulnerable Products
The vulnerabilities described in this document affect the following products:
-
Cisco UCCX versions 5.x, 6.x, and 7.x
-
Cisco Customer Response Solution (CRS) versions 5.x, 6.x, and
7.x
-
Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR)
versions 5.x, 6.x, and 7.x
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Cisco UCCX versions 5.x, 6.x, and 7.x
-
A DoS vulnerability exists in the computer telephony integration (CTI) server component of the Cisco UCCX product. The CTI server is only started when the Integrated Call Distribution (ICD) license is enabled, Cisco Unified IP Interactive Voice Response (Cisco Unified IP IVR) deployments are not affected by the CTI server DoS vulnerability. The CTI server listens by default on TCP port 42027, although the port number can be changed in the System Port Parameters screen. This vulnerability is triggered by malformed CTI messages addressed to the vulnerable systems that could cause the CTI server and the Cisco Unified CCX Node Manager to fail, and all active agents will be logged out. The DoS condition will be temporal and the Cisco UCCX system will become operational again once the node manager and the CTI server complete their automatic restart.
This vulnerability is documented in Cisco Bug ID CSCso89629 ( registered customers only) and has been assigned CVE ID CVE-2010-1570.
Directory Traversal Vulnerability
A directory traversal vulnerability exists in the bootstrap service of the Cisco UCCX product that allows read access to any file on the system. This vulnerability is triggered by bootstrap messages addressed to TCP port 6295. The bootstrap service is used to keep the UCCX configuration synchronized across servers in a high-availability deployment model. All deployment modes can be affected, such as ICD, ICM and IP-IVR, but only if a second node has been added to the configuration. (Nodes can be listed using the Cisco UCCX Administration Web interface with the Server option in the System pull-down taskbar). A high-availability license is not required for a system to be vulnerable.
This vulnerability is documented in Cisco Bug ID CSCsx76165 ( registered customers only) and has been assigned CVE ID CVE-2010-1571.
-
There are no workarounds for these vulnerabilities.
Additional mitigations that can be deployed on Cisco devices in the network are available in the Cisco Applied Mitigation Bulletin companion document for this advisory, which is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoAppliedMitigationBulletin/cisco-amb-20100609-uccx.
-
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should exercise caution to be certain the devices to be upgraded contain sufficient memory and that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, contact the Cisco Technical Assistance Center (TAC) or your contracted maintenance provider for assistance.
The following tables indicate the versions of Cisco UCCX affected by the vulnerabilities described in this document. All the vulnerabilities are fixed in the latest versions of the products.
CSCso89629 CTI service DoS vulnerability (Cisco UCCX)
Release
Vulnerable
First Fixed in
8.0
Not vulnerable
7.0
Vulnerable
7.0(1)SR4, 7.0(2)
6.0
Vulnerable
6.0(1)SR1
5.0
Vulnerable
5.0(2)SR3
CSCsx76165 Bootstrap service information disclosure vulnerability (Cisco UCCX)
Release
Vulnerable
First Fixed in
8.0
Not vulnerable
7.0
Vulnerable
7.0(1)SR2, 7.0(2)
6.0
Vulnerable
Update to a fixed release
5.0
Vulnerable
5.0(2)SR3
-
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory.
The DoS vulnerability was found during Cisco internal testing, and the bootstrap service directory traversal vulnerability was reported to the Cisco Technical Assistance Center (TAC) by a customer.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.