Cisco warns of UCM flaws

By SearchSecurity.com Staff 25 Jun 2008 | SearchSecurity.com

Security Wire Daily News Digg This!     StumbleUpon     Del.icio.us

Cisco Systems issued an advisory on Wednesday warning customers about vulnerabilities in its Unified Communications Manager that could interrupt voice services and disclose information useful to an attacker.

Cisco released software updates to fix the flaws in CUCM, which is the call processing component of the Cisco IP Telephony system, and was formerly called Cisco CallManager.

The Computer Telephony Integration (CTI) Manager service of CUCM versions 5.x and 6.x contains a flaw that could result in a DoS when handling malformed input, according to the Cisco advisory.

The other vulnerability affects the Real-Time Information Server (RIS) Data Collector service of CUCM versions 4.x, 5.x and 6.x. The flaw, an authentication bypass vulnerability, could lead to unauthorized disclosure of CUCM cluster information, including user names and configured IP phones, which an intruder could use to mount further attacks, Cisco said. No passwords can be obtained by exploiting the flaw.

Cisco said it was unaware of any malicious exploitation of the flaws.

Products affected by the vulnerabilities are: Cisco Unified CallManager 4.1; CUCM 4.2 versions prior to 4.2(3) SR4; 4.3 versions prior to 4.3(2)SR1; 5.x versions prior to 5.1(3c); and 6.x versions prior to 6.1(2).

Tags: Network Device Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Network Device Management How to prepare for a secure network hardware upgrade Researchers find thousands of flawed embedded devices Is there a way to block iPhone widgets that bypass Web filters? Will an application usage policy best control network bandwidth? What is the difference between static and dynamic network validation? How to manage network bandwidth with distributed ISP bandwidth DNSSEC deployments gain momentum since Kaminsky DNS bug Firewall rule management best practices What are best practices for fiber optic cable security? The requirements for being a PCI DSS-compliant service provider

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary OCSP  (SearchSecurity.com) trusted computing base  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary