Cisco Unified Contact Center and IP Contact Center JTapi Gateway Denial of Service Vulnerability

ID CISCO-SA-20070110-CVE-2007-0198
Type cisco
Reporter Cisco
Modified 2015-01-31T08:00:00


Cisco Unified Contact Center and Cisco IP Contact Center versions 5.0, 6.0, 7.0, and 7.1 contain a vulnerability that could allow an unauthenticated, remote attacker to create a denial of service (DoS) condition.

The vulnerability is due to insufficient handling of unexpected connections. An unauthenticated, remote attacker could exploit this vulnerability by connecting to an affected server, triggering a restart of the JTapi Gateway service. Until the service restarts successfully, users cannot start or receive any new calls. Existing calls are not affected.

Cisco confirmed this vulnerability in a security advisory and released updated software.

Systems most at risk are those systems running vulnerable software and accepting connections from untrusted networks. To exploit this vulnerability, an attacker must successfully connect to the TCP port that the JTapi Gateway server has been configured to listen on. The exact port number may be dependent on configuration and unknown to an attacker. The vulnerability may also be triggered inadvertently during network security audits by automated scanning tools.

The vendors CVSS score indicates a complete availability impact; However, only the JTapi Gateway is affected by the vulnerability and current calls will continue to be processed. It is the opinion of the IntelliShield team that this only constitutes a partial availability impact.

As a result of successful exploitation, an attacker can restart the JTapi Gateway service. While the service is unavailable, users cannot create new calls, but existing calls still function as normal. When the service restarts, automatically and without interventions, users can continue to create new calls as normal. While persistent efforts may continually render the service unavailable, a single attack only temporarily denies service to users. When a redundant server has been configured, all call processing functions will continue to operate. However, an attacker could exploit the same vulnerability on the redundant system to achieve the same impact.