Sense of Security – Security Advisory – SOS-14-003
| Release Date. | 30-Nov-2014 |
| Last Update. | – |
| Vendor Notification Date. | 17-Jan-2014 |
| Product. | Cisco Unified Communications Domain Manager |
| Platform. | Cisco Unified Communications Domain Manager |
| Affected versions. | – |
| Severity Rating. | Medium |
| Impact. | Hijacking |
| Cross-Site Scripting | |
| Attack Vector. | Remote with/without authentication |
| Solution Status. | Vendor Patch |
| CVE reference. | CVE-2014-3283 |
Details.
Multiple medium risk security vulnerabilities were detected in the Self Care portal of the Cisco Unified Communications Domain Manager(a.k.a. CUCDM or VOSS Solutions Domain Manager). The security vulnerabilities can be used to obtain unauthorised access to the CUCDM Self Care portal and to compromise the hosted VoIP tenant services. Fatih Ozavci, a Senior Security Consultant with Sense of Security, has demonstrated these vulnerabilities and additional design issues at Black Hat USA 2014 and Def Con 22 security events using the Viproy VoIP Penetration Testing Kit.
Details of the vulnerabilities and required security fixes or workarounds can be found within the following references:
1. Cisco Unified Communications Domain Manager Stored XSS Vulnerability (Medium Risk) CUCDM is not properly validating some HTML parameter input. An attacker could exploit this issue to store a malicious payload that could then be executed by other users of the system Conditions:The attacker needs to have valid credentials in order to perform the attack, and needs to convince valid user to execute some actions.
2. Cisco Unified Communications Domain Manager Self-Care HTTP Redirect Vulnerability (Low Risk)http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3283 A vulnerability in the web framework of the VOSS Operating System running on the Cisco Unified Communications Domain Manager (Cisco Unified CDM) Application Software could allow an unauthenticated, remote attacker to inject a crafted HTTP header that could cause a web page to redirect to a possible malicious website.
The vulnerability is due to insufficient validation of user input before using it as an HTTP header value on VOSS Self-Care Client Portal applications. An attacker could exploit this vulnerability by convincing a user to access a crafted URL.
Exploits and Tools.
Viproy VoIP Penetration Testing and Exploitation Kit.
Solution.
All vendor security fixes must be installed.
Discovered by.
Fatih Ozavci from Sense of Security Labs.