Article

Cisco plugs serious UCM flaw

SearchSecurity.com Staff

Cisco Systems Inc. issued an advisory warning customers about a heap overflow condition in its Unified Communications Manager that could be exploited to cause a denial of service condition.

    Requires Free Membership to View

Cisco said an attacker does not have to be authenticated to exploit the flaw. The flaw affects Cisco UCM versions 4.2, 4.3, 5.1 and 6.0 and Cisco Unfied CallManager versions 3.3, 4.0, 4.1 and 5.0. An update is available to fix the flaw.

A possible workaround could be implemented by disabling the CTL Provider service when not in use. Filtering traffic to the affected systems on screening devices can also mitigate the threat, Cisco said.

There are no known active exploits in the wild, Cisco said.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: