Cisco Systems Inc. issued an advisory warning customers about a heap overflow condition in its Unified Communications...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
Manager that could be exploited to cause a denial of service condition.
Cisco said an attacker does not have to be authenticated to exploit the flaw. The flaw affects Cisco UCM versions 4.2, 4.3, 5.1 and 6.0 and Cisco Unfied CallManager versions 3.3, 4.0, 4.1 and 5.0. An update is available to fix the flaw.
A possible workaround could be implemented by disabling the CTL Provider service when not in use. Filtering traffic to the affected systems on screening devices can also mitigate the threat, Cisco said.
There are no known active exploits in the wild, Cisco said.