
Update Protection against Cisco CallManager Cross Site Scripting Vulnerabilities


Check Point Reference: CPAI-2006-085
Date Published:
Severity:
Last Updated:
Source: SecuriTeam; Cisco Security Response
Protection Provided by:
VPN-1
  • NGX R61
  • NGX R60
  • NG with Application Intelligence R55W
  • NG with Application Intelligence R55
  • NG with Application Intelligence R54
VSX
  • NGX
InterSpect
  • NGX
  • 2.0 and 1.x
Who is Vulnerable?
Cisco CallManager version 3.1 and above
Vulnerability Description
Cisco Unified CallManager software is the call-processing component of the Cisco Unified Communications system. The web interface used to administer Cisco CallManager software fails to properly validate user input. A specially crafted request could cause the CallManager web interface to include malicious JavaScript in its response. Once the response is processed, the malicious JavaScript payload will be executed in the browser of the victim.
Update/Patch Available
Check Point is not aware of a patch made available for this issue.
Vulnerability Details
The web interface used to administer Cisco CallManager software does not properly validate user supplied input. An attacker can take advantage of this by crafting a request that causes the CallManager web interface to include malicious JavaScript in its response. If such a request is provided to CallManager administrators, an attacker can perform a variety of actions, including deletion of phone system components such as devices, reconfiguration of phone system components such as route plans, theft of global directory user credentials and more.
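The flaw described above is a reflected cross-site scripting pattern: a value from the request is copied into the HTML response without encoding, so markup in that value becomes part of the page. The following illustration is added here and is not CallManager code; the page layout, the `search` parameter and the handler names are assumptions. It shows the unsafe reflection beside the hardened form (HTML-escaping at the point of output, plus an allowlist for fields whose legitimate values are simple) and a check a reviewer can run against a rendered response.

```python
"""Reflected XSS in a web admin page: unsafe reflection beside its hardened form.
Added illustration, not CallManager code; the page template, the 'search'
parameter and the function names are assumptions."""
import html
import re
from urllib.parse import parse_qs

# Assumed page template; {term} is where the untrusted value is inserted.
PAGE = "<html><body><h1>Phone list</h1><p>Search: {term}</p></body></html>"


def render_unsafe(query_string: str) -> str:
    """Vulnerable pattern: the 'search' parameter is copied into the response
    body verbatim, so any markup it carries becomes part of the document."""
    term = parse_qs(query_string).get("search", [""])[0]
    return PAGE.format(term=term)


def render_safe(query_string: str) -> str:
    """Hardened form: the untrusted value is HTML-escaped where it enters the
    document, so '<', '>', '&' and both quote characters stay literal text."""
    term = parse_qs(query_string).get("search", [""])[0]
    return PAGE.format(term=html.escape(term, quote=True))


# Optional allowlist for fields whose legitimate values are simple.
# Assumed here: letters, digits, spaces, dot, dash, underscore; 1 to 64 characters.
SEARCH_TERM = re.compile(r"^[A-Za-z0-9 ._-]{1,64}$")


def validate_search(term: str) -> bool:
    """True when the value matches the allowlist; reject everything else early."""
    return SEARCH_TERM.fullmatch(term) is not None


def contains_active_markup(rendered: str) -> bool:
    """Review check: does the rendered response carry a script tag or an
    inline event-handler attribute that a browser would execute?"""
    return re.search(r"<script|<[^>]+\son\w+\s*=", rendered, re.IGNORECASE) is not None


if __name__ == "__main__":
    probe = "search=<script>alert(1)</script>"
    print("unsafe:", render_unsafe(probe))
    print("safe:  ", render_safe(probe))
    print("unsafe executes markup:", contains_active_markup(render_unsafe(probe)))
    print("safe executes markup:  ", contains_active_markup(render_safe(probe)))
```

The escaping in `render_safe` is the fix that applies regardless of which parameter is reflected; the allowlist is a second layer for parameters whose expected shape is known, and `contains_active_markup` is a coarse regression check, not a substitute for encoding.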

Protection Overview
The Update enables the HTTP Worm Catcher to detect and block attempts to exploit the vulnerability, based on pre-defined pattern signatures.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
The update of July 13, 2006 includes the following protections:

WebAttacker Spyware Protection (CPAI-2006-083)
Geeklog Remote Code Execution Protection (CPAI-2006-084)
Cisco CallManager XSS Protection (CPAI-2006-085)
Plume CMS Manager Protection (CPAI-2006-086)
ASP.Net Information Disclosure Protection (MS06-033, CPAI-2006-087)
Spyware Installer malware Protection

VPN-1 NGX R61

How Can I Protect My Network?
1. Update SmartDefense: Click the SmartDefense Services tab, click Download Updates and then click the Online Update button.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability
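Once the patterns are enabled, the two Attack Information values above are what distinguish this advisory's events from other HTTP Worm Catcher hits in an exported log. The following is an added triage example, not Check Point code: the line format is constructed for the example (leading date, time and action tokens, then `key: value` fields separated by semicolons) and is not a documented export format, so adapt `parse_line` to whatever your export actually produces. It filters an export down to the two CallManager patterns and counts hits per source address.

```python
"""Triage of exported SmartView Tracker entries for the two HTTP Worm Catcher
patterns named in this advisory.  Added example, not Check Point code; the
line format below is constructed and the field names are assumptions."""
from collections import Counter

# The two Attack Information values listed in the advisory.
CALLMANAGER_PATTERNS = {
    "Cisco CallManager Phonelist XSS Vulnerability",
    "Cisco CallManager Logon XSS Vulnerability",
}

# Constructed sample export: date, time, action, then 'key: value' fields
# separated by semicolons.  Addresses are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
13Jul2006 10:14:02 drop product: SmartDefense; attack: HTTP Worm Catcher; attack_info: Cisco CallManager Logon XSS Vulnerability; src: 198.51.100.23; dst: 192.0.2.50; service: http
13Jul2006 10:14:05 accept product: VPN-1 & FireWall-1; src: 198.51.100.24; dst: 192.0.2.50; service: http
13Jul2006 10:15:41 drop product: SmartDefense; attack: HTTP Worm Catcher; attack_info: Cisco CallManager Phonelist XSS Vulnerability; src: 198.51.100.23; dst: 192.0.2.50; service: http
13Jul2006 10:16:00 drop product: SmartDefense; attack: HTTP Worm Catcher; attack_info: Unrelated Pattern; src: 203.0.113.7; dst: 192.0.2.50; service: http
"""


def parse_line(line: str) -> dict:
    """Return one record; the three leading tokens become date, time and action,
    every remaining 'key: value' chunk becomes a field."""
    date, time, action, rest = line.split(" ", 3)
    fields = {"date": date, "time": time, "action": action}
    for chunk in rest.split(";"):
        chunk = chunk.strip()
        if not chunk:
            continue
        key, _, value = chunk.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def parse_export(text: str) -> list:
    """Parse every non-blank line of an export into a list of records."""
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def callmanager_xss_hits(records: list) -> list:
    """Keep only entries logged by the HTTP Worm Catcher with one of the two
    CallManager XSS patterns as Attack Information."""
    return [
        r for r in records
        if r.get("attack") == "HTTP Worm Catcher"
        and r.get("attack_info") in CALLMANAGER_PATTERNS
    ]


def hits_by_source(hits: list) -> Counter:
    """Count matching events per source address, a first cut for escalation."""
    return Counter(r["src"] for r in hits)


if __name__ == "__main__":
    hits = callmanager_xss_hits(parse_export(SAMPLE_LOG))
    for r in hits:
        print(r["date"], r["time"], r["action"], r["src"], "->", r["dst"], "|", r["attack_info"])
    print("per source:", dict(hits_by_source(hits)))
```

Filtering on both `attack` and `attack_info` matters: the HTTP Worm Catcher carries many patterns, and only the two CallManager entries tell you the blocked request targeted the CallManager web interface described in this advisory.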

VPN-1 NGX R60, VPN-1 NG with Application Intelligence R55W

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

VPN-1 NG with Application Intelligence R55/R54

How Can I Protect My Network?
1. Update SmartDefense by clicking Update Now in the SmartDashboard General window.
2. In the SmartDefense tree, click Application Intelligence > Web and enable General HTTP Worm Catcher.
3. Enable the following patterns:

Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

4. Install security policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

VPN-1 VSX NGX

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
3. Enable the following patterns:

Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

InterSpect NGX

How Can I Protect My Network?
1. Update SmartDefense: In the left pane from the drop-down list, select Profiles > SmartDefense Service and click the Online Update button.
2. In the left pane, select Profiles > Default Protection and select the Web Intelligence page of the profile.
3. In the Web Intelligence tree, click Malicious Code > General HTTP Worm Catcher.
4. Enable the following patterns:

Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

5. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

InterSpect 2.0

How Can I Protect My Network?
1. Update SmartDefense by clicking Online Update in the SmartDashboard General window.
2. In the SmartDefense tree, click Web > General HTTP Worm Defender.
3. Enable the following patterns:

Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability

4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: HTTP Worm Catcher
Attack Information:
Cisco CallManager Phonelist XSS Vulnerability
Cisco CallManager Logon XSS Vulnerability