Cisco warns of UCM flaws

Updates are available to fix DoS and authentication bypass vulnerabilities in Cisco UCM.

Cisco Systems issued an advisory on Wednesday warning customers about vulnerabilities in its Unified Communications Manager that could interrupt voice services and disclose information useful to an attacker.

Cisco released software updates to fix the flaws in CUCM, which is the call processing component of the Cisco IP Telephony system, and was formerly called Cisco CallManager.

The Computer Telephony Integration (CTI) Manager service of CUCM versions 5.x and 6.x contains a flaw that could result in a DoS when handling malformed input, according to the Cisco advisory.

The other vulnerability affects the Real-Time Information Server (RIS) Data Collector service of CUCM versions 4.x, 5.x and 6.x. The flaw, an authentication bypass vulnerability, could lead to unauthorized disclosure of CUCM cluster information, including user names and configured IP phones, which an intruder could use to mount further attacks, Cisco said. No passwords can be obtained by exploiting the flaw.

Cisco said it was unaware of any malicious exploitation of the flaws.

Products affected by the vulnerabilities are: Cisco Unified CallManager 4.1; CUCM 4.2 versions prior to 4.2(3) SR4; 4.3 versions prior to 4.3(2)SR1; 5.x versions prior to 5.1(3c); and 6.x versions prior to 6.1(2).
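The affected-version list above can be turned into an inventory check. The following is an added example, not code from Cisco or from this article: the hostnames and inventory versions are constructed sample values, and the release ordering (maintenance number, then rebuild letter, then SR number) is an assumption about how these version strings sort.

```python
import re

# Fixed release per train, copied from the article. None means the article
# lists the whole train as affected without naming a fixed release.
FIXED = {"4.1": None, "4.2": "4.2(3)SR4", "4.3": "4.3(2)SR1",
         "5": "5.1(3c)", "6": "6.1(2)"}

# major.minor(maintenance[letter]) with an optional service release suffix.
VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\((\d+)([a-z]?)\)\s*(?:SR(\d+)([a-z]?))?$", re.IGNORECASE)


def parse(version):
    """Turn '4.2(3) SR4' into a tuple that sorts in release order (assumed)."""
    m = VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, maint, letter, sr, sr_letter = m.groups()
    return (int(major), int(minor), int(maint), letter.lower(),
            int(sr or 0), (sr_letter or "").lower())


def affected_flaws(version):
    """Return the flaws that apply, [] if fixed, None if the train is not listed."""
    parsed = parse(version)
    major, minor = parsed[0], parsed[1]
    train = f"{major}.{minor}" if major == 4 else str(major)
    if train not in FIXED:
        return None
    fixed = FIXED[train]
    if fixed is not None and parsed >= parse(fixed):
        return []
    flaws = ["RIS Data Collector authentication bypass"]   # 4.x, 5.x and 6.x
    if major in (5, 6):
        flaws.insert(0, "CTI Manager DoS")                 # 5.x and 6.x only
    return flaws


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are sample values.
    inventory = {"cucm-pub-01": "4.2(3)SR3", "cucm-sub-02": "5.1(3c)",
                 "cucm-lab-03": "6.0(1)", "cucm-old-04": "3.3(5)"}
    for host, version in inventory.items():
        flaws = affected_flaws(version)
        status = ("not listed in the article" if flaws is None
                  else ", ".join(flaws) or "at or above the fixed release")
        print(f"{host} {version}: {status}")
```

A result of `None` means only that the article does not list that release train, not that the release is unaffected.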