St0rmz

Cisco Call Manager 'Ping of Death'?

by nCircle Staff on 03-28-2007 03:25 PM

I'm reading the new Cisco vulns released today regarding Cisco Unified Call Manager. Apparently one can cause a DoS by sending an ICMP flood.


* ICMP Echo Request Flood Denial of Service

By sending a large amount of ICMP Echo Requests (Ping) to a CUCM or CUPS system, it may be possible to cause various CUCM / CUPS services to crash resulting in a denial of service affecting voice services. CUCM versions 3.x and 4.x are not affected by this vulnerability, only CUCM version 5.0 is affected. The CUCM issue is documented in Cisco Bug ID CSCsf12698. The CUPS issue is documented in Cisco Bug ID CSCsg60930.


I interpret this as the classic "ping of death" we used to enjoy in early versions of Windows. One would think this would have been solved already.


Anybody try it yet?

About the Author
  • As nCircle's Director of Security Operations, Andrew Storms is responsible for the definition and enforcement of the company's security compliance programs as well as overseeing day-to-day operations for the Information Technology department. Andrew's commentary on IT security issues has appeared in CNBC, Forbes and The New York Times, as well as many other publications. He is a Certified Information Systems Security Professional (CISSP), a member of Infragard and a graduate of the FBI Citizens' Academy.