TechTarget

Cisco unified comms systems allow denial of service attacks

Cisco’s unified communications management platforms have been hit by various security vulnerabilities which allow buffer overflow attacks and unauthorised access.

Cisco’s unified communications management platforms have been hit by various security vulnerabilities which allow buffer overflow attacks and unauthorised access.

Cisco Unified Communications Manager (CUCM), formerly known as CallManager, contains two overflow vulnerabilities that could allow a remote unauthenticated user to cause a denial of service condition or execute arbitrary code, said Cisco.

In addition, Cisco Unified Communications Manager and Cisco Unified Presence Server (Cups) contain vulnerabilities that could allow an unauthorised administrator to activate and terminate CUCM or Cups system services, and access SNMP configuration information.

These holes could allow denial of service attacks on CUCM or Cups cluster systems, and the disclosure of sensitive SNMP details, including community strings, said Cisco.

Some workarounds are available for some of the flaws and Cisco is in the process of distributing software to protect users.

Cisco advisories on the vulnerabilities >>

Cisco users upbeat about security direction >>

Cisco overhauls networking certification to address skills >>

Comment on this article: computer.weekly@rbi.co.uk

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close