Cisco issues CallManager warning

Cisco Systems has warned that its CallManager call-processing application has a security flaw that could leave the product open to a denial of service (DoS) attack. The company has released a patch for this vulnerability.

The bug, which affects CallManager versions 3.0 and 3.1, is the result of a memory leak that can be triggered when a user fails to authenticate properly using the computer telephony integration (CTI) component of CallManager, Cisco said. This flaw can cause the software to crash and could be used to initiate a DoS attack against the product.

Cisco added that the authentication failure problem is most common in systems that have been recently integrated with customer directories. This scenario results from incorrectly configuring the WebAttendant portion of the program, leaving it without a valid password. Systems that do not use the WebAttendant will also be vulnerable, however, as the Telephony Call Dispatch service is enabled by default.

The misconfiguration could also affect other components of the CallManager software.

More information is available at www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml.

Customers should contact Cisco, their reseller or other normal channels to obtain a security fix for the vulnerability, Cisco said.
