AV:N/AC:L/Au:N/C:P/I:P/A:C/E:F/RL:OF/RC:C
-
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.
Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130206-ata187
-
Vulnerable Products
The Cisco ATA 187 Analog Telephone Adaptor is affected by this vulnerability when it is running firmware version 9.2.1.0 or 9.2.3.1.
To check the firmware version on the Cisco ATA 187 Analog Telephone Adaptor, an administrator can view the SW_Version ID field on the device web interface.Products Confirmed Not Vulnerable
The following Cisco products are confirmed not vulnerable:
- Cisco ATA 186 Analog Telephone Adaptor
- Cisco ATA 188 Analog Telephone Adaptor
-
Cisco ATA 187 Analog Telephone Adaptor firmware versions 9.2.1.0 and 9.2.3.1 contain a vulnerability that could allow an unauthenticated, remote attacker to access the operating system of the affected device.
The vulnerability is due to improper validation of authentication on TCP port 7870 and improper authorization of commands within the operating system. An attacker could exploit this vulnerability by connecting to the affected system and sending arbitrary commands.
This vulnerability has been documented in Cisco Bug ID CSCtz67038 (registered customers only) and has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2013-1111.
-
It is possible to terminate the listening Telnet process on the device by accessing the device remotely, listing the processes, and then terminating the Telnet process. This prevents further remote access to the device until the device is reloaded.
Additional mitigations that can be deployed on Cisco devices within the network are available in the companion document "Identifying and Mitigating Exploitation of the Cisco ATA 187 Analog Telephone Adaptor Remote Access Vulnerability," which is available at the following
link: http://tools.cisco.com/security/center/viewAMBAlert.x?alertId=27921
-
This vulnerability is addressed in the Cisco ATA 187 Analog Telephone Adaptor firmware version 9.2.3.1 ES build 4 or later.
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Currently there are no plans to publish any further releases of Cisco ATA 187 Analog Telephone Adaptor firmware to Cisco Software download section on Cisco.com.
Customers who require a fixed release, should contact their support organizations as described in the "Obtaining Fixed Software" section of this advisory.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
This vulnerability was discovered when handling customer support requests.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.0 2013-February-06 Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.