Cisco Systems Inc. has released a security update that addresses flaws in its CallManager and Unified Communications Manager product line. An attacker can exploit the flaws to conduct cross-site scripting and SQL injection attacks.
The San Jose, Calif.-based networking giant said in its cisco-sa-20070829-ccm advisory
Requires Free Membership to View
SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!
Michael S. Mimoso, Editorial Director
that the programs are vulnerable to cross-site Scripting (XSS) and SQL injection attacks in the so-called lang variable of the admin and user log-on pages. "A successful attack may allow an attacker to run JavaScript on computer systems connecting to CallManager or Unified Communications Manager servers, and has the potential to disclose information within the database," the vendor said.
Cisco CallManager (CCM) is the software-based call processing component for Cisco's IP telephony product line. Cisco Unified Communications Manager extends enterprise telephony features and capabilities to packet network devices such as IP phones, media processing devices, voice over IP (VoIP) gateways, and multimedia applications, according to the Cisco Web site. Additional services, such as unified messaging, multimedia conferencing, collaborative contact centers, and interactive multimedia response systems are made possible through open telephony APIs, Cisco said.
Danish vulnerability clearinghouse Secunia rates the flaws as moderately critical in its SA26641 advisory, describing two specific problems.
The input passed to unspecified parameters to the admin or user logon pages is not properly sanitized before being returned to the user, Secunia said. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
Also, input passed to unspecified parameters to the admin or user logon pages is not properly sanitized before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code, Secunia said.
Secunia independently confirmed that the flaws affect Cisco CallManager and Unified Communications Manager released prior to versions 3.3(5)sr2b, 4.1(3)sr5, 4.2(3)sr2 and 4.3(1)sr1. The solution is to update to versions 3.3(5)sr2b, 4.1(3)sr5, 4.2(3)sr2, or 4.3(1)sr1.