TechTarget

Cisco issues CallManager warning

Cisco Systems has warned that its CallManager call-processing application has a security flaw that could leave the product open...

Cisco Systems has warned that its CallManager call-processing application has a security flaw that could leave the product open to a denial of service (DoS) attack. The company has released a patch for this vulnerability.

The bug, which affects CallManager versions 3.0 and 3.1, is the result of a memory leak that can be triggered when a user fails to authenticate properly using the computer telephony integration (CTI) component of CallManager, Cisco said. This flaw can cause the software to crash and could be used to initiate a DoS attack against the product.

Cisco added that the authentication failure problem is most common in systems that have been recently integrated with customer directories. This scenario results from incorrectly configuring the WebAttendant portion of the program, leaving it without a valid password. Systems that do not use the WebAttendant will also be vulnerable, however, as the Telephony Call Dispatch service is enabled by default.

The misconfiguration could also affect other components of the CallManager software.

More information is available at www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml.

Customers should contact Cisco, their reseller or other normal channels to obtain a security fix for the vulnerability, Cisco said.

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close