Cisco unified comms systems allow denial of service attacks


Cisco unified comms systems allow denial of service attacks

Antony Savvas

Cisco’s unified communications management platforms have been hit by various security vulnerabilities which allow buffer overflow attacks and unauthorised access.

Cisco Unified Communications Manager (CUCM), formerly known as CallManager, contains two overflow vulnerabilities that could allow a remote unauthenticated user to cause a denial of service condition or execute arbitrary code, said Cisco.

In addition, Cisco Unified Communications Manager and Cisco Unified Presence Server (Cups) contain vulnerabilities that could allow an unauthorised administrator to activate and terminate CUCM or Cups system services, and access SNMP configuration information.

These holes could allow denial of service attacks on CUCM or Cups cluster systems, and the disclosure of sensitive SNMP details, including community strings, said Cisco.

Some workarounds are available for some of the flaws and Cisco is in the process of distributing software to protect users.

Cisco advisories on the vulnerabilities >>

Cisco users upbeat about security direction >>

Cisco overhauls networking certification to address skills >>

Comment on this article:

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy