OSVDB ID: 84502

Title: Cisco IOS Multicast Music-on-Hold (MMoH) Feature PSTN Call Crosstalk Remote Information Disclosure

Info

Disclosure

May 25, 2012

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 25, 2012

Description

Cisco IOS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an unspecified error in the Multicast Music-on-Hold (MMoH) feature, which may allow a remote attacker to listen in on a PSTN Call. This may allow the attacker to gain access to potentially sensitive crosstalk information.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Upgrade to version 15.1(3)T4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Cisco Systems, Inc.	Cisco IOS	15.2
		15.1

References

CVE ID: 2012-1361 (see also: NVD)
Vendor Specific News/Changelog Entry: http://www.cisco.com/en/US/docs/ios/15_1/release/notes/151-3TCAVS.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/84502

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Cisco Systems, Inc.

Cisco IOS

References

Credit