Cisco’s unified communications management platforms have been hit by various security vulnerabilities which allow buffer overflow attacks and unauthorised access.
Cisco Unified Communications Manager (CUCM), formerly known as CallManager, contains two overflow vulnerabilities that could allow a remote unauthenticated user to cause a denial of service condition or execute arbitrary code, said Cisco.
In addition, Cisco Unified Communications Manager and Cisco Unified Presence Server (Cups) contain vulnerabilities that could allow an unauthorised administrator to activate and terminate CUCM or Cups system services, and access SNMP configuration information.
These holes could allow denial of service attacks on CUCM or Cups cluster systems, and the disclosure of sensitive SNMP details, including community strings, said Cisco.
Workarounds are available for some of the flaws, and Cisco is in the process of distributing software to protect users.