Cisco issues CallManager warning


Cisco Systems has warned that its CallManager call-processing application has a security flaw that could leave the product open to a denial of service (DoS) attack. The company has released a patch for this vulnerability.

The bug, which affects CallManager versions 3.0 and 3.1, is the result of a memory leak that can be triggered when a user fails to authenticate properly using the computer telephony integration (CTI) component of CallManager, Cisco said. This flaw can cause the software to crash and could be used to initiate a DoS attack against the product.

Cisco added that the authentication failure problem is most common in systems that have been recently integrated with customer directories. This scenario results from incorrectly configuring the WebAttendant portion of the program, leaving it without a valid password. Systems that do not use the WebAttendant will also be vulnerable, however, as the Telephony Call Dispatch service is enabled by default.

The misconfiguration could also affect other components of the CallManager software.

More information is available at www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml.

Customers should contact Cisco, their reseller or other normal channels to obtain a security fix for the vulnerability, Cisco said.
