Cisco has released its semiannual batch of security updates for the IOS and Unified Communications Manager software, which address a total of twelve DoS vulnerabilities covered in six advisories.
IOS is the operating system powering most of Cisco’s routers and network switches, while the Unified Communications Manager is the call-processing software used in the company’s VoIP products.
Two Denial of Service (DoS) vulnerabilities, CVE-2010-2828 and CVE-2010-2829, have been identified and patched in the IOS H.323 implementation.
An attacker can exploit them by sending specially crafted packets to the voice services in order to crash them and cause the devices to reload.
Another weakness (CVE-2010-2830), which can also be leveraged to trigger a Denial of Service condition, was addressed in the Internet Group Management Protocol (IGMP) implementation of IOS and IOS XE.
Three more DoS bugs, CVE-2010-2834, CVE-2010-2835 and CVE-2009-2051, were found and fixed in the Session Initiation Protocol (SIP) implementation.
Remote attackers can exploit these by sending crafted messages to cause SIP-enabled devices to crash. “There are no workarounds for devices that must run SIP,” the company warns.
The IOS Network Address Translation (NAT) functionality also contains three DoS flaws, CVE-2010-2831, CVE-2010-2832 and CVE-2010-2833, which affect the translation of SIP, H.323 and H.225.0 call signaling packets.
Meanwhile, the IOS Software’s SSL VPN feature is vulnerable to Denial of Service attacks when configured with an HTTP redirect.
A remote attacker can exploit the bug (CVE-2010-2836) to cause a memory exhaustion condition and force the device to reload.
The last two DoS vulnerabilities, CVE-2010-2834 and CVE-2010-2835, affect the processing of SIP messages on Cisco’s Unified Communications Manager. Successful exploitation can lead to voice services suffering interruptions.
Cisco publishes IOS security advisories twice a year, on the fourth Wednesday of March and September. However, in cases of extremely critical or actively exploited vulnerabilities, the company can release out-of-band patches.