Cisco is warning of vulnerabilities in several voice products that could allow a remote attacker to obtain unauthorized administrative control or cause a denial of service.
The default installation of Cisco's Director Agent on IBM servers
In addition, by scanning port 14247, an attacker can initiate a Director Agent process that will take up 100% of the CPU. This will cause a denial of service, unless the server is shut down.
The Director Agent is part of several Cisco voice products, including CallManager, IP Interactive Voice Response, IP Call Center Express, Personal Assistant, Emergency Responder and Conference Connection. The problem occurs on a variety of IBM-based servers running any version of the operating system before OS 2000.2.6.
Cisco is providing a repair script that will mitigate the vulnerabilities without needing a software upgrade. The repair script keeps the Director Agent from listening for remote connections on TCP or UDP ports 14247. If port 14247 is enabled, the Director Agent won't automatically accept connections. The script also disables certain access and control files not required for Director Server to function.