Cisco plugs serious UCM flaw

A heap overflow flaw in Cisco's Unified Communications Manager could be exploited to cause a denial of service condition.

Cisco Systems Inc. issued an advisory warning customers about a heap overflow condition in its Unified Communications Manager that could be exploited to cause a denial of service condition.

Cisco said an attacker does not have to be authenticated to exploit the flaw. The flaw affects Cisco UCM versions 4.2, 4.3, 5.1 and 6.0 and Cisco Unfied CallManager versions 3.3, 4.0, 4.1 and 5.0. An update is available to fix the flaw.

A possible workaround could be implemented by disabling the CTL Provider service when not in use. Filtering traffic to the affected systems on screening devices can also mitigate the threat, Cisco said.

There are no known active exploits in the wild, Cisco said.

Dig deeper on Network Device Management

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close