Check: SRG-NET-000147-VVEP-00016
Voice Video Endpoint SRG:
SRG-NET-000147-VVEP-00016
(in versions v2 r2 through v1 r4)
Title
The hardware Voice Video Endpoint using SIP or AS-SIP signaling must prevent cross-site scripting attacks caused by improper filtering or validation of the content of SIP invitation fields. (Cat II impact)
Discussion
A cross-site scripting vulnerability has been demonstrated by adding scripting code to the "From:" field in the SIP invite. Upon receiving the invite, the embedded code can be executed by a vulnerable embedded web server to download additional malicious code and launch an attack. The demonstration of the vulnerability also exists on www.securityfocus.com under Bugtraq ID: 25987, which pops up a specific alert box on the user’s workstation after downloading a SIP invite. While this vulnerability has been demonstrated on a specific IP phone, it could potentially affect all SIP-based endpoints or clients and their signaling partners. This vulnerability is a result of improper filtering or validation of the content of the various fields in the SIP invite and potentially the Session Description Protocol (SDP) portion of the invite. The injected code potentially causes malicious code to be run on the target device, to include an endpoint (hard or soft), a session controller, or any other SIP signaling partner. Additionally, this vulnerability may affect applications other than SIP VoIP clients, such as IM clients. A similar vulnerability results when URLs embedded in SIP messages are launched automatically.
Check Content
If the Voice Video Endpoint is not a hardware endpoint, this check procedure is Not Applicable. Verify the hardware Voice Video Endpoint using SIP or AS-SIP signaling prevents cross-site scripting attacks caused by improper filtering or validation of the content of SIP invitation fields. If the hardware Voice Video Endpoint does not use SIP or AS-SIP, this is not a finding. If the hardware Voice Video Endpoint does not prevent cross-site scripting attacks caused by improper filtering or validation of the content of SIP invitation fields, this is a finding.
Fix Text
Configure the hardware Voice Video Endpoint using SIP or AS-SIP signaling to prevent cross-site scripting attacks caused by improper filtering or validation of the content of SIP invitation fields.
Additional Identifiers
Rule ID: SV-206764r604140_rule
Vulnerability ID: V-206764
Group Title: SRG-NET-000147
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001942 |
The information system implements replay-resistant authentication mechanisms for network access to non-privileged accounts. |
Controls
Number | Title |
---|---|
IA-2 (9) |
Network Access To Non-Privileged Accounts - Replay Resistant |