Vulnerable Products

Any SRTP System

Impact

Weak mandatory encryption algorithm for SRTP may be cracked using brute-force techniques.

Risk level

Medium

Vector

External

Details

The Secure Real-time Transport Protocol (SRTP) defines a profile of RTP (Real-time Transport Protocol) intended to provide encryption, message authentication and integrity, and replay protection to RTP data in both unicast and multicast applications. It was developed by a small team of IP protocol and cryptographic experts from Cisco.

The weak mandatory encryption algorithm for SRTP may be cracked using brute-force techniques. The protocol vulnerability stems from SRTP's flexibility: an SRTP implementation is conformant even if it supports only DES encryption, which can be cracked by brute-force techniques.

Endpoints and proxies using SRTP should be required to use stronger encryption algorithms.
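
One way a SIP proxy or session border controller could enforce this requirement, shown as an added example that is not part of the original advisory. It assumes SRTP suites are offered through SDP a=crypto lines (security descriptions), which the advisory does not specify; filter_offer, the allowlist contents and the sample offer are this example's own.

```python
import re

# Suites this policy accepts. The names are registered SDP security-description
# crypto suites; which of them to allow is this example's assumption.
ALLOWED_SUITES = frozenset({
    "AES_CM_128_HMAC_SHA1_80", "AES_256_CM_HMAC_SHA1_80",
    "AEAD_AES_128_GCM", "AEAD_AES_256_GCM",
})
# a=crypto:<tag> <crypto-suite> <key-params> [<session-params>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d+)\s+(\S+)\s+(\S+)")

def filter_offer(sdp):
    """Return (filtered_sdp, rejected_suites, unprotected_media).

    Drops each a=crypto line whose suite is not allowlisted and names every
    media section left without an acceptable suite, so the caller can refuse
    the call rather than let it negotiate a weak cipher.
    """
    kept, rejected, unprotected = [], [], []
    media, media_ok = None, False
    for line in sdp.splitlines():
        if line.startswith("m="):
            if media is not None and not media_ok:
                unprotected.append(media)
            media, media_ok = line.split()[0][2:], False
        match = CRYPTO_RE.match(line)
        if match:
            if match.group(2) not in ALLOWED_SUITES:
                rejected.append(match.group(2))
                continue
            media_ok = True
        kept.append(line)
    if media is not None and not media_ok:
        unprotected.append(media)
    return "\r\n".join(kept) + "\r\n", rejected, unprotected

# Constructed offer: DES_CBC_EXAMPLE is a made-up suite name standing in for a
# DES-only endpoint, and the inline key is a placeholder.
SAMPLE_OFFER = "\r\n".join([
    "v=0", "o=- 1 1 IN IP4 192.0.2.10", "s=-", "c=IN IP4 192.0.2.10", "t=0 0",
    "m=audio 49170 RTP/SAVP 0",
    "a=crypto:1 DES_CBC_EXAMPLE inline:PLACEHOLDERKEY",
    "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDERKEY",
    "m=video 51372 RTP/SAVP 31",
    "a=crypto:1 DES_CBC_EXAMPLE inline:PLACEHOLDERKEY",
]) + "\r\n"

if __name__ == "__main__":
    print(filter_offer(SAMPLE_OFFER)[1:])
```

A media section reported as unprotected (here the video stream, which offered only the weak suite) should cause the proxy to reject the offer instead of forwarding it.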

Fixed Software

Cisco has released free software updates that address these vulnerabilities. Prior to deploying software, customers should consult their maintenance provider or check the software for feature set compatibility and known issues specific to their environment.

Customers may only install and expect support for the feature sets they have purchased. By installing, downloading, accessing or otherwise using such software upgrades, customers agree to be bound by the terms of Cisco’s software license terms found at http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html, or as otherwise set forth at Cisco.com Downloads at http://www.cisco.com/public/sw-center/sw-usingswc.shtml.

Remediation

RedShift Networks UCTM might work as an authentication proxy for exchanging credentials using strong encryption. For more information on RedShift Networks, please go to www.redshiftnetworks.com.