Cisco plugs serious UCM flaw |
 |
By SearchSecurity.com Staff
17 Jan 2008 | SearchSecurity.com |
|
|
Cisco Systems Inc. issued an advisory warning customers about a heap overflow condition in its Unified Communications Manager that could be exploited to cause a denial of service condition.
Cisco said an attacker does not have to be authenticated to exploit the flaw. The flaw affects Cisco UCM versions 4.2, 4.3, 5.1 and 6.0 and Cisco Unfied CallManager versions 3.3, 4.0, 4.1 and 5.0. An update is available to fix the flaw.
A possible workaround could be implemented by disabling the CTL Provider service when not in use. Filtering traffic to the affected systems on screening devices can also mitigate the threat, Cisco said.
There are no known active exploits in the wild, Cisco said.
|
