A critical vulnerability (CVE-2024-20375) has been discovered in the Session Initiation Protocol (SIP) call processing function of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME). If exploited, this vulnerability could allow an unauthenticated, remote attacker to cause a Denial of Service (DoS) condition on the affected device. In this post, we will provide an overview of the vulnerability, a code snippet to demonstrate its exploitation, links to original references, and details about potential fixes and mitigations.

Vulnerability Details

The vulnerability is caused by improper parsing of SIP messages in the call processing function of Cisco Unified CM and Cisco Unified CM SME devices. An attacker can exploit this vulnerability by sending a crafted SIP message to a targeted Cisco Unified CM or Cisco Unified CM SME device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition that interrupts the communications of reliant voice and video devices.

Exploit Code Snippet

The attacker can craft a malicious SIP message; the following code snippet demonstrates a sample SIP message that may be modified to exploit this vulnerability:

INVITE sip:victim@domain.com SIP/2.0
Via: SIP/2.0/UDP attacker.com;branch=z9hG4bK74bf9
Max-Forwards: 70
From: "Attacker" <sip:attacker@domain.com>;tag=3133731337
To: <sip:victim@domain.com>
Call-ID: 200508040857Z@attacker.com
CSeq: 1 INVITE
Contact: <sip:attacker@attacker.com>
Content-Type: application/sdp
Content-Length: 150

v=0
o=UserA 2890844526 2890844526 IN IP4 attacker.com
s=Session SDP
c=IN IP4 attacker.com
t=0 0
m=audio 49170 RTP/AVP 0
a=rtpmap:0 PCMU/8000

Original References

1. Cisco's official security advisory regarding this vulnerability can be found here: Cisco Security Advisory
2. The CVE-2024-20375 vulnerability information can be found on the MITRE website: CVE Details

Mitigations and Fixes

While Cisco has not yet released a software update to address the CVE-2024-20375 vulnerability, the following mitigations can be implemented to reduce the risk of exploitation:

Regularly monitor network traffic for any unusual patterns or spikes in SIP request attempts.
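
One way to act on the monitoring advice above, as an added example that is not part of the original post or Cisco's advisory: the script counts SIP requests per source in fixed time windows and records request lines that do not follow the RFC 3261 form. It flags volume and malformed start lines in general, not this CVE specifically; the log format, window size, threshold and sample records are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# RFC 3261 request line: METHOD SP Request-URI SP SIP/2.0
REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) SIP/2\.0$")
KNOWN_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER",
                 "PRACK", "SUBSCRIBE", "NOTIFY", "PUBLISH", "INFO", "REFER",
                 "MESSAGE", "UPDATE"}

WINDOW_SECONDS = 10   # assumed bucket size; tune to the deployment
MAX_PER_WINDOW = 5    # assumed per-source request ceiling per bucket

# Constructed sample records: "<ISO timestamp> <source IP> <SIP start line>"
_URI = "sip:1001@pbx.example.test"
SAMPLE_LOG = "\n".join(
    [f"2024-08-21T17:00:0{s}+00:00 198.51.100.7 INVITE {_URI} SIP/2.0"
     for s in range(1, 8)]
    + [
        "2024-08-21T17:00:00+00:00 192.0.2.10 REGISTER sip:pbx.example.test SIP/2.0",
        "2024-08-21T17:00:12+00:00 192.0.2.10 OPTIONS sip:pbx.example.test SIP/2.0",
        f"2024-08-21T17:00:15+00:00 203.0.113.5 INVITE {_URI} SIP/2.",
    ])

def analyze(log_text, window=WINDOW_SECONDS, limit=MAX_PER_WINDOW):
    """Return (spikes, malformed): peak per-window count for sources over
    the limit, and the non-conforming request lines seen per source."""
    counts = Counter()
    malformed = defaultdict(list)
    for raw in log_text.strip().splitlines():
        ts, src, start_line = raw.split(" ", 2)
        epoch = datetime.fromisoformat(ts).timestamp()
        counts[(src, int(epoch // window) * window)] += 1
        m = REQUEST_LINE.match(start_line)
        if not m or m.group(1) not in KNOWN_METHODS:
            malformed[src].append(start_line)
    spikes = {}
    for (src, _bucket), n in counts.items():
        if n > limit:
            spikes[src] = max(spikes.get(src, 0), n)
    return spikes, dict(malformed)

if __name__ == "__main__":
    spikes, malformed = analyze(SAMPLE_LOG)
    for src, n in spikes.items():
        print(f"SPIKE     {src}: {n} requests within {WINDOW_SECONDS}s")
    for src, lines in malformed.items():
        print(f"MALFORMED {src}: {lines}")
```
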

In conclusion, the CVE-2024-20375 vulnerability poses a severe risk to the availability of Cisco Unified CM and Cisco Unified CM SME devices. It is crucial that organizations using these devices be aware of the vulnerability, implement the suggested mitigations, and keep an eye out for a future software update from Cisco that addresses the issue.

Timeline

Published on: 08/21/2024 17:15:07 UTC
Last modified on: 08/21/2024 17:24:59 UTC