Title: Cisco Media Gateway Controller Solaris Vulnerability Exposure Vulnerability
Severity: CRITICAL
Description:
The Cisco Media Gateway Controller (MGC) product is based on Sun's Solaris operating system version 2.6.
There are a number of unpatched vulnerabilities present by default in Solaris 2.6 that may be exploited to compromise the device. Some of them may be remotely exploitable. If an administrator has not installed fixes from Sun or otherwise secured the system manually, these vulnerabilities may provide a means for attackers to take control of the MGC systems.
Cisco's Product Security Incident Response Team (PSIRT) is aware of intrusions into systems due to these vulnerabilities.
Cisco has made patches available for MGC systems that correct the Solaris vulnerabilities. The first patch corrects unpatched vulnerabilities in the operating system. The second disables services installed and running by default.
Affected Products:
- Cisco Billing and Management Server 0.0.0
- Cisco PGW2200 PSTN Gateway 0.0.0
- Cisco Signaling Controller 2200 0.0.0
- Cisco Virtual Switch Controller 3000 0.0.0
- Cisco Voice Services Provisioning Tool 0.0.0
- Sun Solaris 2.5.1
- Sun Solaris 2.6
References:
- CERT: Detecting Signs of Intrusion
- Cisco Systems: Cisco Call Manager Express
- Cisco Systems: Hardening of Solaris OS for MGC
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
