Cisco unified comms systems allow denial of service attacks
- Author:
- Antony Savvas
- Posted:
- 00:00 17 Jul 2007
- Topics:
- Security
Cisco’s unified communications management platforms have been hit by various security vulnerabilities which allow buffer overflow attacks and unauthorised access.
Cisco Unified Communications Manager (CUCM), formerly known as CallManager, contains two overflow vulnerabilities that could allow a remote unauthenticated user to cause a denial of service condition or execute arbitrary code, said Cisco.
In addition, Cisco Unified Communications Manager and Cisco Unified Presence Server (Cups) contain vulnerabilities that could allow an unauthorised administrator to activate and terminate CUCM or Cups system services, and access SNMP configuration information.
These holes could allow denial of service attacks on CUCM or Cups cluster systems, and the disclosure of sensitive SNMP details, including community strings, said Cisco.
Some workarounds are available for some of the flaws and Cisco is in the process of distributing software to protect users.
Cisco advisories on the vulnerabilities >>
Cisco users upbeat about security direction >>
Cisco overhauls networking certification to address skills >>
Comment on this article: computer.weekly@rbi.co.uk