CIsco IOS CME Hacking via E1

Unanswered Question
May 21st, 2014
User Badges:

Hi

 

Is it possible for someone to make calls via cme running on ios v12.4 using E1 PRI connection?

 

May 13 2014 15:39:36 00:15:07                          00881842011129           1

May 13 2014 15:50:36 00:05:35                          00881842011146

 

As log above shows, call was made but cant tell who made the call internally???

 

May 13 2014 16:28:43 00:00:26 00881842011146                                    2

May 13 2014 16:29:13 00:00:27 00881842011129                                    2

 

The other log shows originating call as external number but no destination.

 

2014-05-13 15:54:01    Local7.Notice    172.23.100.1    97068: 097064: *May 13 15:53:36.831 GMT: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:05/13/2014 15:53:03.978,cgn:213,cdn:230,frs:0,fid:65343,fcid:BCC8122FD9DC11E39449EEC1BC9630B,legID:82FC,bguid:BCC8122FD9DC11E39449EEC10BC9630B

 

2014-05-13 15:55:07    Local7.Info    172.23.100.1    97069: 097065: *May 13 15:54:43.295 GMT: %ISDN-6-DISCONNECT: Interface Serial0/3/0:29  disconnected from 00881842011129 , call lasted 900 seconds

 

2014-05-13 15:50:24    Local7.Notice    172.23.100.1    97062: 097058: *May 13 15:49:59.860 GMT: %VOIPAAA-5-VOIP_FEAT_HISTORY: FEAT_VSA=fn:TWC,ft:05/13/2014 15:49:48.388,cgn:,cdn:6800,frs:0,fid:65338,fcid:48834FCED9DC11E38BE100229032E5E0,legID:82F7,bguid:48834FCED9DC11E38BE100229032E5E0

 

2014-05-13 15:50:48    Local7.Info    172.23.100.1    97063: 097059: *May 13 15:50:23.360 GMT: %ISDN-6-CONNECT: Interface Serial0/3/0:19 is now connected to N/A N/A

 

2014-05-13 15:51:08    Local7.Info    172.23.100.1    97064: 097060: *May 13 15:50:43.041 GMT: %ISDN-6-CONNECT: Interface Serial0/3/0:30 is now connected to 00881842011146 N/A

 

The above logs are from syslog.

From firewall side, all SIP, H323 ports are blocked.

 

Thanks

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion