Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access
SecurityTracker Alert ID: 1014135
SecurityTracker URL: http://securitytracker.com/id?1014135
CVE Reference: CVE-2005-1942
Updated: Nov 2 2008
Original Entry Date: Jun 8 2005
Impact: User access via network
Vendor Confirmed: Yes
Advisory: Cisco Security Advisory
Description: A vulnerability was reported in Cisco CallManager and Cisco voice-enabled switches. A remote user on the local network can spoof the Cisco Discovery Protocol (CDP) to gain anonymous voice VLAN access.

Cisco IP Phones do not currently contain 802.1x supplicants. As a result, phones are authorized to join the voice VLAN without 802.1x authentication. Enterprises that use 802.1x port-level authentication for VLAN data access and also use IP telephony may have a false sense of security regarding VLAN access.

FishNet Security reported this vulnerability. The original advisory is available at:
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx
Impact: A remote user on the local network can gain anonymous voice VLAN access.
Solution: Cisco has provided the following workaround instructions in their Security Notice [quoted]:

Customers running newer versions of software on their Cisco Catalyst switches can take advantage of a number of features which can aid in limiting what a device can do while on the network. These features include, but are not limited to, DHCP Snooping and Port Security, Dynamic ARP Inspection (DAI) and IP Source Guard.

The whitepaper entitled Cisco Catalyst Integrated Security-Enabling the Self-Defending Network introduces the features on the Catalyst switches which can mitigate Layer 2 and Layer 3 attacks against the switch and devices connected through it.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd8015f0ae.shtml

Additionally, customers running newer versions of Cisco CallManager can take advantage of features now offered on the Cisco IP Phones and CallManager to address Layer 2 and Layer 3 based network attacks, including certificate based authentication and encryption of voice signaling and media to protect the identity, integrity, and privacy of all voice communications.

The product data sheet for Cisco CallManager Version 4.1 lists the features available for further protection of the CallManager and IP Phones.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_data_sheet0900aecd801979f0.html

The Cisco Security Notice is available at:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a008048e0d6.html

Additional workaround suggestions are available in the FishNet Security advisory at:
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx
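As an added illustration (not text from Cisco's notice or the FishNet advisory), the following Catalyst IOS configuration enables the Layer 2 features the notice names on a voice-enabled 802.1x access port. The VLAN numbers (10 data, 100 voice), interface names and the RADIUS server address are placeholders; the point is that the voice VLAN remains reachable without 802.1x, so the snooping, inspection and source-guard features are what bound an unauthenticated device there.

```cisco
! Added example, not Cisco's own configuration. VLAN 10 (data), VLAN 100
! (voice), the interface names and RADIUS host 192.0.2.10 are placeholders.
!
! --- Global: 802.1x for the data VLAN ---
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
radius-server host 192.0.2.10 key RADIUS-KEY-PLACEHOLDER
!
! --- Global: DHCP Snooping builds the IP/MAC/port binding table that
!     Dynamic ARP Inspection and IP Source Guard consult. Enable it on the
!     voice VLAN as well, since that VLAN is joined without authentication ---
ip dhcp snooping
ip dhcp snooping vlan 10,100
ip arp inspection vlan 10,100
!
! --- Uplink toward the DHCP server and default gateway: trusted, so
!     legitimate DHCP offers and ARP replies are not dropped ---
interface GigabitEthernet1/0/48
 description uplink to distribution
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Access port with an IP phone and a PC daisy-chained behind it ---
interface GigabitEthernet1/0/1
 switchport mode access
 switchport access vlan 10
 switchport voice vlan 100
 spanning-tree portfast
 ! 802.1x gates the data VLAN only; a device identifying itself as a
 ! phone via CDP is still placed in VLAN 100 without authenticating
 dot1x port-control auto
 ! Port Security: one phone plus one PC; drop and log anything beyond that
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 ! IP Source Guard: forward only frames whose source IP matches the
 ! DHCP Snooping binding learned on this port, in both VLANs
 ip verify source
```

Port Security and IP Source Guard do not authenticate the phone; they limit an unauthenticated device on the voice VLAN to the addresses it obtained through DHCP and keep it from spoofing other hosts or the gateway.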
Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml

Cause: Authentication error, Configuration error
Message History:
None.
Source Message Contents
Date: Wed, 8 Jun 2005 17:09:36 -0400
Subject: http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
> Cisco CallManager
> Security Notice: Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN
> Access
>
> Document ID: 65152
http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx