Intrusion Prevention

IBM.Director.Agent.Port.Scan.DoS

Description

This indicates an attack attempt to exploit a vulnerability in the Cisco IBM Director agent. It is a tool released by IBM to monitor and control computer systems remotely. Remote attackers can cause a denial of service (DoS) by sending specially crafted requests to TCP port 14247.

Affected Products

Cisco CallManager
Cisco IP Interactive Voice Response (IP IVR)
Cisco IP Call Center Express (IPCC Express)
Cisco Personal Assistant (PA)
Cisco Emergency Responder (CER)
Cisco Conference Connection (CCC)
Cisco Internet Service Node (ISN) running on an IBM with an affected OS version.
IBM X330 (8654 or 8674)
IBM X340
IBM X342
IBM X345
MCS-7815-1000
MCS-7815I-2.0
MCS-7835I-2.4
MCS-7835I-3.0

Impact

Denial of Service: Remote attackers can crash vulnerable systems.

Recommended Actions

Refer to the vendor's web site for suggested workaround:
http://www.cisco.com/pcgi-bin/tablebuild.pl/cmva-3des.

CVE References

CVE-2004-1759