Cisco Systems has released a security update that
addresses flaws in its
CallManager and Unified Communications Manager product line. An
attacker can exploit the flaws to conduct cross-site scripting and
SQL injection attacks.
The networking company said in its
cisco-sa-20070829-ccm advisory that the
programs are vulnerable to
cross-site scripting
(XSS) and
SQL injection attacks through the lang variable of the
admin and user log-on pages. "A successful attack may allow an
attacker to run JavaScript on computer systems connecting to
CallManager or Unified Communications Manager servers, and has the
potential to disclose information within the database," the company
said.
Cisco CallManager (CCM) is the software-based call processing
component for Cisco's IP telephony product line. Cisco Unified
Communications Manager extends enterprise telephony features and
capabilities to packet network devices such as IP phones, media
processing devices, voice over IP (VoIP) gateways, and multimedia
applications, according to the Cisco Web site. Additional services,
such as unified messaging, multimedia conferencing, collaborative
contact centers, and interactive multimedia response systems are
made possible through open telephony APIs, Cisco said.
Danish vulnerability clearinghouse Secunia rates the flaws as
moderately critical in its
SA26641 advisory, describing two specific
problems.
The input passed to unspecified parameters to the admin or user
logon pages is not properly sanitised before being returned to the
user, Secunia said. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in the context of an
affected site.
Also, input passed to unspecified parameters to the admin or
user logon pages is not properly sanitised before being used in SQL
queries. This can be exploited to manipulate SQL queries by
injecting arbitrary SQL code, Secunia said.
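The two flaw classes Secunia describes, reduced to a constructed illustration that is added here and is not Cisco's code: the table, column, page and function names are invented, and nothing about the real product's schema or pages is implied. The same lang value is first reflected into a log-on page unescaped and concatenated into a SQL query, and then shown beside the escaped and parameterised forms. It goes slightly beyond the advisory text by also showing an allowlist check, which is the natural fix for a parameter that can only ever take a handful of known values.

```python
import html
import sqlite3

# Constructed stand-in for a log-on page that looks up the UI language
# named by the "lang" request parameter. Schema, table and column names
# are invented for this illustration; they are not Cisco's.
KNOWN_LANGS = {"en": "English", "da": "Danish"}


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE languages (code TEXT, name TEXT)")
    conn.executemany("INSERT INTO languages VALUES (?, ?)", KNOWN_LANGS.items())
    # A second table standing in for data the log-on page should never expose.
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'hash-of-admin-password')")
    return conn


def language_name_vulnerable(conn, lang):
    """Builds the query by string concatenation, so lang is parsed as SQL."""
    query = "SELECT name FROM languages WHERE code = '" + lang + "'"
    return [row[0] for row in conn.execute(query)]


def language_name_fixed(conn, lang):
    """Bound parameter: lang is treated as data, never as part of the statement."""
    rows = conn.execute("SELECT name FROM languages WHERE code = ?", (lang,))
    return [row[0] for row in rows]


def render_lang_field_vulnerable(lang):
    """Reflects lang into the page unescaped: the XSS case."""
    return '<input type="hidden" name="lang" value="' + lang + '">'


def render_lang_field_fixed(lang):
    """Escapes for an attribute context; quote=True also escapes the quotes
    an attacker needs to break out of the value="" attribute."""
    return '<input type="hidden" name="lang" value="' + html.escape(lang, quote=True) + '">'


def normalise_lang(lang):
    """Allowlist: a language code is one of a few known values, so anything
    else is replaced by the default instead of being sanitised."""
    return lang if lang in KNOWN_LANGS else "en"


# Constructed payloads: a UNION-based read of the other table, and a
# attribute break-out that injects a script element.
SQLI_PAYLOAD = "x' UNION SELECT pw_hash FROM users --"
XSS_PAYLOAD = '"><script>alert(document.cookie)</script>'

if __name__ == "__main__":
    db = make_db()
    print(language_name_vulnerable(db, SQLI_PAYLOAD))  # leaks the hash
    print(language_name_fixed(db, SQLI_PAYLOAD))       # []
    print(render_lang_field_vulnerable(XSS_PAYLOAD))   # contains <script>
    print(render_lang_field_fixed(XSS_PAYLOAD))        # escaped, inert
    print(normalise_lang(XSS_PAYLOAD))                 # en
```

The parameterised query and the attribute-context escape fix each flaw where it occurs; the allowlist removes the untrusted value altogether, which is why it is the better first line of defence for a parameter like lang.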
Secunia independently confirmed that the flaws affect Cisco
CallManager and Unified Communications Manager versions prior to
3.3(5)sr2b, 4.1(3)sr5, 4.2(3)sr2 and 4.3(1)sr1. The fix is to
update to 3.3(5)sr2b, 4.1(3)sr5, 4.2(3)sr2 or 4.3(1)sr1, depending
on the release train in use.