Cisco: CISCO-SA-20070328-CVE-2007-1834
Mar 28, 2007 - 5:12 p.m.

Cisco Unified CallManager and Unified Presence Server ICMP Echo Request Handling Denial of Service Vulnerability

2007-03-28 17:12:45
tools.cisco.com

CVSS2: 7.8 (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.028
Percentile: 90.7%

Cisco Unified CallManager and Unified Presence Server contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

The vulnerability exists due to improper handling of excessive amounts of ICMP echo requests. An attacker could exploit this vulnerability by sending a large number of ICMP echo requests to a CallManager or Presence Server system. These requests may cause various services to crash, resulting in a DoS condition and affecting voice services.

Cisco confirmed this vulnerability in a security advisory and released updates.

Cisco Unified CallManager is the call-processing component of the Cisco IP telephony solution, and the Unified Presence Server is the identity-tracking component of the telephony solution. The vulnerability resides in the way these components handle ICMP echo requests. By sending a large number of ICMP echo requests to an affected system, attackers can exploit this vulnerability to crash a system, causing a disruption of voice services. This vulnerability can also be exploited by spoofed attacks.

Exploit code is not needed to conduct an attack of this type, which is mainly a brute-force attack. Many network utility software packages can aid in the attempted attack by flooding the network and the specific device with ping requests. These utilities can be commercial or open source and are available to anyone who downloads them.
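Because the description notes that the flood may use spoofed sources, a per-source rate check can miss it; the added example below (not part of Cisco's advisory) counts echo requests per protected destination in a sliding window instead. The record format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed values (not from the advisory); tune to the host's normal ICMP baseline.
WINDOW_SECONDS = 1.0
MAX_ECHO_PER_WINDOW = 100
ICMP_ECHO_REQUEST = 8

def parse_record(line):
    """Parse a constructed 'timestamp src dst icmp_type' record; None if malformed."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        return float(parts[0]), parts[1], parts[2], int(parts[3])
    except ValueError:
        return None

def detect_echo_floods(lines, protected, window=WINDOW_SECONDS, limit=MAX_ECHO_PER_WINDOW):
    """Flag protected hosts receiving more than `limit` echo requests per window.

    Counting is keyed on destination, so a flood spread over many spoofed
    sources is still caught although each source stays under a per-source cap.
    """
    recent = defaultdict(deque)  # dst -> (ts, src) pairs still inside the window
    alerts = {}
    for line in lines:
        rec = parse_record(line)
        if rec is None:
            continue
        ts, src, dst, icmp_type = rec
        if icmp_type != ICMP_ECHO_REQUEST or dst not in protected:
            continue
        q = recent[dst]
        q.append((ts, src))
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) > limit:
            if dst not in alerts:  # first alert: record every source in the window
                alerts[dst] = {"first_ts": ts, "peak": 0, "sources": {s for _, s in q}}
            alerts[dst]["peak"] = max(alerts[dst]["peak"], len(q))
            alerts[dst]["sources"].add(src)
    return alerts

def sample_lines():
    """Constructed records: routine monitoring pings, then a burst from rotating sources."""
    lines = [f"{t}.0 192.0.2.5 10.0.0.11 8" for t in range(5)]
    lines += [f"{10 + i * 0.002:.3f} 198.51.100.{i % 250 + 1} 10.0.0.10 8"
              for i in range(300)]
    return lines
```

In the constructed sample no single source sends more than two packets, yet the destination count crosses the threshold at the 101st request.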

Affected configurations

Vendor | Product | Version | CPE
cisco | unified_presence_server | any | cpe:2.3:a:cisco:unified_presence_server:any:*:*:*:*:*:*:*
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:*
