Owning a Cisco VOIP Environment: Exploiting the Call Manager presented at HITBSecConf Malaysia 2013

by Francisco ,

URL : http://conference.hitb.org/hitbsecconf2013kul/materials/D1T2%20-%20Francisco%20-%20Owning%20a%20Cisco%20VoIP%20Environment.pdf

Summary : Cisco VOIP environments are widely deployed. In this presentation we will demonstrate how it is possible to take control of an entire Cisco VOIP system by targeting the Call Manager (CUCM, Cisco Unified Communications Manager).
We will discuss the advantages of controlling a Call Manager. It is a central and core component of a VOIP network architecture. Taking control of it allows to perform several attacks. All SCCP traffic is sent to this component which means that, once controlled, it is then possible to modify these packets in order to wiretap the entire VOIP network.
We will present the methodology used to perform that audit, and will demonstrate in details how six different vulnerabilities (including five 0days) can be combined together and exploited to take full control of a Call Manager.