Cisco flags flaws in VoIP and router software

Flaws in Cisco Systems software for routers and IP telephony could be a conduit for attacks on enterprise networks, the company has warned.

On Wednesday, it released two security alerts along with fixes for Cisco CallManager, which runs internet-based phone calling. Two flaws exist in the software: one could allow an attacker to paralyse a Cisco IP telephony installation, the other could allow someone with read-only access to the system to gain full privileges, according to the alerts.

VoIP technology allows companies to send voice traffic over the same infrastructure they use for data traffic such as email. The technology has been growing in popularity over the past few years, because it helps businesses save on phone costs and provides more flexibility to employees.

The denial of service problem in CallManager exists because the software does not manage certain network connections well, leaving it vulnerable to attacks. According to the company's advisory: "This may then lead to phones not responding, phones unregistering from the Cisco CallManager, or Cisco CallManager restarting."

The second flaw only affects CallManager systems that have multilevel administration enabled. This bug could allow an administrative user with restricted, read-only access to gain full administrative privileges by using a special URL, Cisco said in an alert.

Both flaws affect CallManager 3.2 and earlier, as well as certain versions of CallManager 3.3, 4.0 and 4.1. Cisco has fixes available.

Cisco also patched a vulnerability in its Internetwork Operating System, which runs the routers and switches that make up much of the plumbing of corporate networks and the internet. A feature called the Stack Group Bidding Protocol in certain versions of IOS is vulnerable to a remotely exploitable denial of service condition, according to a company advisory.

An attacker could exploit the security hole by crafting a special network packet and sending that to a vulnerable Cisco system.

Cisco said: "Sending such a packet to port 9900 of an affected device will cause it to freeze and stop responding to, or passing traffic." After a delay, the device will reset, the company said. Devices that do not support or have not enabled the SGBP protocol are not affected by this vulnerability.

None of the vulnerabilities were disclosed before the advisories and Cisco said it is not aware of any malicious use of the flaws.

Joris Evers writes for CNET News.com