News

Cisco unified comms systems allow denial of service attacks

Cisco’s unified communications management platforms have been hit by various security vulnerabilities which allow buffer overflow attacks and unauthorised access.

Cisco Unified Communications Manager (CUCM), formerly known as CallManager, contains two overflow vulnerabilities that could allow a remote unauthenticated user to cause a denial of service condition or execute arbitrary code, said Cisco.

In addition, Cisco Unified Communications Manager and Cisco Unified Presence Server (Cups) contain vulnerabilities that could allow an unauthorised administrator to activate and terminate CUCM or Cups system services, and access SNMP configuration information.

These holes could allow denial of service attacks on CUCM or Cups cluster systems, and the disclosure of sensitive SNMP details, including community strings, said Cisco.

Some workarounds are available for some of the flaws and Cisco is in the process of distributing software to protect users.

Cisco advisories on the vulnerabilities >>

Cisco users upbeat about security direction >>

Cisco overhauls networking certification to address skills >>

Comment on this article: computer.weekly@rbi.co.uk


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy