BugZero | Cisco BugID CSCwa87675 - CUBE enforce incorrect srtp key in 200OK for early...

Loading...

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

Operational Defect Database

A free repository of operational (non-security) bugs centralized through custom integrations with leading IT vendors.

Product

Enterprise platform
Bug Scrub Advisor
Operational Risk Scoring
Vendor Integrations

Company

Plans
Value Guide
About
Contact us

Resources

Blog
ServiceNow App
Trust Center
Risk Management
NIST
DORA

©2025 BugZero. All Rights Reserved.

Privacy Policy Terms of Service

BugZero | Cisco BugID CSCwa87675 - CUBE enforce incorrect srtp key in 200OK for early...

ODD
Cisco
CSCwa87675

Cisco - Defect ID: CSCwa87675

CUBE enforce incorrect srtp key in 200OK for early dialog UPDATE

ODD
Cisco
CSCwa87675

Cisco - Defect ID: CSCwa87675

CUBE enforce incorrect srtp key in 200OK for early dialog UPDATE

Last updated on May 11th, 2025

BugZero Risk Score
6.1 Medium

Overall: 6.1

Severity: 6.4

Lifecycle: 9.1

Popularity: 4.6

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Bug Details

Views: 1

Description

Symptom

CUBE enforce incorrect srtp key in 200OK during early dialog UPDATE, resulting call establishment failure. Call flow: CUCM > srtp > CUBE > rtp > ITSP 1. CUCM sends INVITE to CUBE with only crypto AES_CM_128_HMAC_SHA1_32 2. CUBE replies 183 with same crypto suit (PRACK is enabled) 3. CUCM sends early dialog UPDATE with SDP and 4x crypto lines: AEAD_AES_256_GCM AEAD_AES_128_GCM AES_CM_128_HMAC_SHA1_80 AES_CM_128_HMAC_SHA1_32 4. CUBE forwards 200OK response with new selected AEAD_AES_256_GCM suite, but the key length is small in SDP - 40 characters which is not sufficient. 5. CUCM cancel call attempt with rc=47

Conditions

Workaround

Avoid using GCM ciphers, apply below globally or on desired dial-peer with srtp capability: ! voice class srtp-crypto 1 crypto 1 AES_CM_128_HMAC_SHA1_32 crypto 2 AES_CM_128_HMAC_SHA1_80 !

Further Problem Description

Change history

2025-05-11 Added: 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1a, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.1z, 17.12.1z1, 17.12.1z2, 17.12.1z3, 17.12.1z4, 17.12.2, 17.12.2a, 17.12.3, 17.12.3a, 17.12.4, 17.12.4a, 17.12.4b, 17.12.5, 17.12.5a, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.15.1x, 17.15.1y, 17.15.2, 17.15.2a, 17.15.2b, 17.15.2c, 17.15.3, 17.15.3a, 17.16.1, 17.16.1a, 17.17.1, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.6.8, 17.6.8a, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, 17.9.5c, 17.9.5d, 17.9.5e, 17.9.5f, 17.9.6, 17.9.6a, 17.9.6b, 17.9.7, 17.9.7a

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1a, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.1z, 17.12.1z1, 17.12.1z2, 17.12.1z3, 17.12.1z4, 17.12.2, 17.12.2a, 17.12.3, 17.12.3a, 17.12.4, 17.12.4a, 17.12.4b, 17.12.5, 17.12.5a, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.15.1x, 17.15.1y, 17.15.2, 17.15.2a, 17.15.2b, 17.15.2c, 17.15.3, 17.15.3a, 17.16.1, 17.16.1a, 17.17.1, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.6.8, 17.6.8a, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, 17.9.5c, 17.9.5d, 17.9.5e, 17.9.5f, 17.9.6, 17.9.6a, 17.9.6b, 17.9.7, 17.9.7a

Relevant Products

Click on a version to see all relevant bugs

Affected versions:No known affected versions

Fixed versions: 17.10.1, 17.10.1a, 17.10.1b, 17.11.1, 17.11.1a, 17.12.02a, 17.12.1, 17.12.1a, 17.12.1w, 17.12.1x, 17.12.1y, 17.12.1z, 17.12.1z1, 17.12.1z2, 17.12.1z3, 17.12.1z4, 17.12.2, 17.12.2a, 17.12.3, 17.12.3a, 17.12.4, 17.12.4a, 17.12.4b, 17.12.5, 17.12.5a, 17.13.1, 17.13.1a, 17.14.1, 17.14.1a, 17.15.1, 17.15.1a, 17.15.1b, 17.15.1w, 17.15.1x, 17.15.1y, 17.15.2, 17.15.2a, 17.15.2b, 17.15.2c, 17.15.3, 17.15.3a, 17.16.1, 17.16.1a, 17.17.1, 17.3.6, 17.3.7, 17.3.8, 17.3.8a, 17.6.4, 17.6.5, 17.6.5a, 17.6.6, 17.6.6a, 17.6.7, 17.6.8, 17.6.8a, 17.8.1, 17.8.1a, 17.9.1, 17.9.1a, 17.9.1w, 17.9.1x, 17.9.1x1, 17.9.1y, 17.9.1y1, 17.9.2, 17.9.2a, 17.9.3, 17.9.3a, 17.9.4, 17.9.4a, 17.9.5, 17.9.5a, 17.9.5b, 17.9.5c, 17.9.5d, 17.9.5e, 17.9.5f, 17.9.6, 17.9.6a, 17.9.6b, 17.9.7, 17.9.7a

Top Cisco Defects

9.7Defect ID: CSCvd48893
Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution Vulnerability
9.7Defect ID: CSCvv15096
9200L: SYS-3-CPUHOG: Task is running for (2843)msecs, more than (2000)msecs process = SAUtilReport.
9.7Defect ID: CSCwe01579
Cat9800 wncd reload while creating an RRM Client Coverage on large scale setup
9.7Defect ID: CSCwc66646
Unexpected Reload due to Segmentation Fault in the CCSIP_SPI_CONTROL process
9.7Defect ID: CSCwf08698
Cat9k Crashes Unexpectedly due to a Fault in the 'TLSCLIENT_PROCESS'

Ready to prevent the next vendor outage?

Links

Original Vendor Announcement

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise