The attacker would need network connectivity to the device and the ability to send H.323 traffic to it. The severity of this issue depends on the context of the device. If the device is used for critical infrastructure, exploitation could result in a DoS condition on the device. If the device is used for mission-critical business applications, it may result in a disruption of service. Cisco customers are encouraged to upgrade to the latest software version. In addition, IT administrators are advised to monitor for suspicious traffic on their networks. This warning will be updated when further details of the vulnerability are made available.
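One way to act on the monitoring advice above, as an added example (not code from Cisco or from this page): flag H.323 signaling that reaches protected endpoints from sources outside an allow-list. The address ranges, the CSV flow format and the function names are assumptions made for the example; the ports are the standard H.323 signaling ports.

```python
import csv
import io
import ipaddress

# Standard H.323 signaling ports: H.225.0 call signaling on TCP 1720,
# RAS on UDP 1719, gatekeeper discovery on UDP 1718.
H323_PORTS = {("tcp", 1720), ("udp", 1719), ("udp", 1718)}

# Assumptions for this example: the endpoints to protect and the peers
# (gatekeepers, gateways, other endpoints) allowed to signal to them.
PROTECTED = [ipaddress.ip_network("10.20.0.0/24")]
ALLOWED_PEERS = [ipaddress.ip_network("10.20.0.0/24"),
                 ipaddress.ip_network("10.30.5.10/32")]

# Constructed sample flow records (src, dst, proto, dport), not real traffic.
SAMPLE_FLOWS = """src,dst,proto,dport
10.30.5.10,10.20.0.15,tcp,1720
198.51.100.7,10.20.0.15,tcp,1720
198.51.100.7,10.20.0.15,tcp,1720
10.20.0.22,10.20.0.15,udp,1719
203.0.113.9,10.20.0.40,udp,1719
198.51.100.7,10.20.0.15,tcp,443
not-an-ip,10.20.0.15,tcp,1720
"""

def _in_any(addr, networks):
    return any(addr in net for net in networks)

def unexpected_h323(flow_csv):
    """Return {(src, dst, proto, dport): count} for H.323 signaling that
    reaches a protected endpoint from a source outside the allow-list."""
    hits = {}
    for row in csv.DictReader(io.StringIO(flow_csv)):
        try:
            src = ipaddress.ip_address(row["src"])
            dst = ipaddress.ip_address(row["dst"])
            key_port = (row["proto"].lower(), int(row["dport"]))
        except (ValueError, KeyError, AttributeError, TypeError):
            continue  # skip malformed records instead of aborting the run
        if key_port not in H323_PORTS or not _in_any(dst, PROTECTED):
            continue
        if _in_any(src, ALLOWED_PEERS):
            continue
        key = (str(src), str(dst)) + key_port
        hits[key] = hits.get(key, 0) + 1
    return hits

if __name__ == "__main__":
    for (src, dst, proto, port), n in sorted(unexpected_h323(SAMPLE_FLOWS).items()):
        print(f"{src} -> {dst} {proto}/{port} x{n}")
```

Repeated hits from the same unexpected source toward one endpoint are the records worth reviewing first, alongside any reboot or crash logs from that endpoint.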

New Cisco H.323 vulnerability
Firmware versions earlier than 8.5(4) are vulnerable to an attack that can cause a DoS condition on the device.

What is Cisco H.323?

H.323 is an open, non-proprietary protocol developed by the ITU-T. H.323 is primarily used in video conferencing and multimedia collaboration applications and can also be used for other types of telephony signaling, such as fax machines, caller ID equipment, or computer systems that require a telephone interface.
The Cisco Unified Communications Manager Express software package provides support for the H.323 protocol and offers a number of features, including voice routing, call admission control, video conferencing (supporting up to 32 participants), audio conference bridge support, network signaling termination, echo cancellation/noise suppression, individual device registration management (on-device), and overlay services that allow customers to use Cisco Unified Communications Manager Express with third-party IP PBXs. For more information on the Cisco Unified Communications Manager Express software package, see http://www.cisco.com/en/US/products/sw/voicesw/ps2237/tsd_products_support_series_home.html

Cisco Source Code Disclosure Discovered on July 29

A vulnerability in Cisco’s Smart Business Collaboration Solution (SmartBCS) software was discovered by researchers and reported to Cisco on July 29. The vulnerability would allow remote attackers to gain access to the system via Cisco SmartBCS servers and obtain sensitive information such as source code, system files, and configuration settings.

What does the H.323 standard allow for?

H.323 is a signaling protocol that provides a platform for audio, video and data communications between IP-based devices. Cisco customers are not impacted by this vulnerability if they already have an H.323 gateway in place and the gateway supports the latest software version, as that version includes mitigations for this vulnerability.
Cisco has issued a Security Advisory to address the vulnerability, CVE-2022-20783, which affects only Cisco devices that use the H.323 protocol with certain H.323 features enabled on them such as remote management, call forwarding or voice codecs. Cisco customers running affected versions of Cisco IOS Software should upgrade to the latest software release available at https://www.cisco.com/go/swupdate to protect themselves from attackers exploiting this vulnerability.

Cisco IOS Software and Cisco Video Surveillance Software

Cisco IOS software, Cisco Video Surveillance software, and Cisco Unified Communications Manager software have been updated to address a vulnerability that attackers could exploit. This vulnerability is in the H.323 protocol on Cisco IP phones running versions of IOS and Video Surveillance software before 12.4(8)XB9-L3, which has been fixed by the release of these updates. An attacker who exploited this vulnerability between January 11, 2019 and February 9, 2019 would be able to cause a denial of service condition on the device.

Timeline

Published on: 04/21/2022 19:15:00 UTC
Last modified on: 05/04/2022 18:42:00 UTC
