Cisco Unified Communications Manager (CUCM), formerly known as CallManager, contains two overflow vulnerabilities that could allow a remote unauthenticated user to cause a denial of service condition or execute arbitrary code, said Cisco.
In addition, Cisco Unified Communications Manager and Cisco Unified Presence Server (Cups) contain vulnerabilities that could allow an unauthorised administrator to activate and terminate CUCM or Cups system services, and access SNMP configuration information.
These holes could allow denial of service attacks on CUCM or Cups cluster systems, and the disclosure of sensitive SNMP details, including community strings, said Cisco.
Some workarounds are available for some of the flaws and Cisco is in the process of distributing software to protect users.
Comment on this article: firstname.lastname@example.org