Cisco VoIP and presence servers vulnerable to new attacks

In the light of the “open” discussion, Cisco seems to have issues with their proprietary protocol SCCP …

… Unified CallManagers and Unified Presence Servers could be crashed via remote attacks, company says

Cisco this week said its corporate VoIP and presence servers could be attacked remotely and flooded with specific types of traffic intended to crash these systems.

The Cisco Unified CallManager (CUCM) and Cisco Unified Presence Server (CUPS) are vulnerable to remote attacks by specially crafted TCP, Internet Control Messaging Protocol (ICMP) or User Datagram Protocol (UDP) packets. Cisco has released software patches for these problems.

CallManager servers, which process VoIP calls on a network, can be crashed by sending attack traffic to TCP ports 2000 or 2443 to the server; these ports are used by Cisco’s proprietary call control protocols — Skinny Call Control Protocol (SCCP, or “Skinny”) and Secure SCCP. This vulnerability exists in CallManager versions 3.x, 4.x and 5.0 (CUCM 6.0, the latest version (announced this month), is not affected, nor is the Presence Server). …

Source :