Cisco 802.1x Voice-Enabled Interfaces Grant Anonymous Voice VLAN Access
SecurityTracker Alert ID: 1014135
SecurityTracker URL: http://securitytracker.com/id/1014135
CVE Reference: CVE-2005-1942
Updated: Nov 2 2008
Original Entry Date: Jun 8 2005
Impact:
User access via network
Vendor Confirmed: Yes
Description:
A vulnerability was reported in Cisco CallManager and Cisco voice-enabled switches. A remote user on the local network can spoof the Cisco Discovery Protocol (CDP) to gain anonymous voice VLAN access.
Cisco IP Phones do not currently contain 802.1x supplicants. As a result, phones are authorized to join the voice VLAN without 802.1x authentication.
Enterprises that use 802.1x port-level authentication for VLAN data access and also use IP telephony may have a false sense of security regarding VLAN access.
FishNet Security reported this vulnerability.
The original advisory is available at:
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx
Impact:
A remote user on the local network can gain anonymous voice VLAN access.
Solution:
Cisco has provided the following workaround instructions in their Security Notice [quoted]:
Customers running newer versions of software on their Cisco Catalyst switches can take advantage of a number of features which can aid in limiting what a device can do while on the network. These features include, but are not limited to, DHCP Snooping and Port Security, Dynamic ARP Inspection (DAI) and IP Source Guard.
The whitepaper entitled Cisco Catalyst Integrated Security-Enabling the Self-Defending Network introduces the features on the Catalyst switches which can mitigate Layer 2 and Layer 3 attacks against the switch and devices connected through it.
http://www.cisco.com/en/US/products/hw/switches/ps708/products_white_paper0900aecd8015f0ae.shtml
Additionally, customers running newer versions of Cisco CallManager can take advantage of features now offered on the Cisco IP Phones and CallManager to address Layer 2 and Layer 3 based network attacks, including certificate based authentication and encryption of voice signaling and media to protect the identity, integrity, and privacy of all voice communications.
The product data sheet for Cisco CallManager Version 4.1 lists the features available for further protection of the CallManager and IP Phones.
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_data_sheet0900aecd801979f0.html
The Cisco Security Notice is available at:
http://www.cisco.com/en/US/products/sw/voicesw/ps556/products_security_notice09186a008048e0d6.html
Additional workaround suggestions are available in the FishNet Security advisory at:
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx
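The following Catalyst IOS configuration is an added example, not taken from the Cisco Security Notice or the FishNet advisory. It puts the four features Cisco names above (DHCP Snooping, Port Security, Dynamic ARP Inspection and IP Source Guard) on a voice-enabled 802.1x access port. VLAN 100 (data), VLAN 200 (voice), the interface names and the RADIUS server address are assumptions chosen for illustration. The point to keep in mind, which follows from the Description: none of these features make the voice VLAN join itself subject to 802.1x, because the phone has no supplicant; they limit what a host that has reached the voice VLAN can do (it must obtain its address via DHCP through the switch, may not spoof ARP or source addresses it was not assigned, and is capped at two MAC addresses per port).

```cisco
! --- Global: 802.1x for the data VLAN (assumed RADIUS server 192.0.2.10) ---
aaa new-model
aaa authentication dot1x default group radius
radius-server host 192.0.2.10 key CHANGE-ME-PLACEHOLDER
dot1x system-auth-control
!
! --- Global: DHCP Snooping on both the data and the voice VLAN ---
! Builds the IP/MAC/port binding table that DAI and IP Source Guard rely on.
ip dhcp snooping
ip dhcp snooping vlan 100,200
!
! --- Global: Dynamic ARP Inspection on both VLANs ---
! ARP replies that do not match a snooping binding are dropped on untrusted ports.
ip arp inspection vlan 100,200
ip arp inspection validate src-mac dst-mac ip
!
! --- User port: PC on data VLAN 100 behind a Cisco IP Phone on voice VLAN 200 ---
interface GigabitEthernet0/1
 description User port: PC (VLAN 100) behind IP Phone (VLAN 200)
 switchport mode access
 switchport access vlan 100
 switchport voice vlan 200
 ! 802.1x authenticates the PC for the data VLAN only; the phone is still
 ! admitted to VLAN 200 on the strength of CDP, which is the issue this
 ! advisory describes.
 dot1x port-control auto
 ! Port Security: one MAC for the phone, one for the PC; a third device that
 ! tries to talk through this port is dropped and logged (restrict, not shutdown,
 ! so a phone reboot does not take the port down).
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 ! IP Source Guard: forward only IP traffic whose source address was assigned
 ! to this port by DHCP (per the snooping binding table). A device that picks
 ! its own static address on the voice VLAN gets no IP connectivity.
 ip verify source
 ! DAI rate limit for untrusted ports (15 pps is the IOS default; stated explicitly).
 ip arp inspection limit rate 15
!
! --- Uplink toward the DHCP server and CallManager ---
! Must be trusted for snooping and DAI, otherwise DHCP offers and ARP from the
! infrastructure side are dropped.
interface GigabitEthernet0/24
 description Uplink to distribution (DHCP server, CallManager)
 switchport mode trunk
 ip dhcp snooping trust
 ip arp inspection trust
```

To confirm the controls are active, `show ip dhcp snooping binding` should list one entry per phone and per PC, `show ip arp inspection interfaces` and `show ip verify source` should show GigabitEthernet0/1 as untrusted with filtering enabled, and `show port-security interface GigabitEthernet0/1` should report a maximum of 2 with violation mode restrict. If the phones obtain their configuration via a DHCP option rather than a static TFTP address, verify that they still register after enabling snooping: a phone that cannot get an address is the first sign the uplink trust line is missing.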
Vendor URL: www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
Cause:
Authentication error, Configuration error
Underlying OS:
Message History:
None.
Source Message Contents
Date: Wed, 8 Jun 2005 17:09:36 -0400
Subject: http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
> Cisco CallManager
> Security Notice: Cisco 802.1x Voice-Enabled Interfaces Allow Anonymous Voice VLAN
> Access
>
> Document ID: 65152
http://www.cisco.com/warp/public/707/cisco-sn-20050608-8021x.shtml
http://www.fishnetsecurity.com/csirt/disclosure/cisco/Cisco+802.1x+Advisory.aspx