Cisco warns of UCM flaws

Cisco has warned that several versions of its Unified Call Managers have security problems.

Cisco Systems issued an advisory on Wednesday warning customers about vulnerabilities in its Unified Communications Manager that could interrupt voice services and disclose information useful to an attacker.

Cisco released software updates to fix the flaws in CUCM, which is the call processing component of the Cisco IP Telephony system and was formerly called Cisco CallManager.

The Computer Telephony Integration (CTI) Manager service of CUCM versions 5.x and 6.x contains a flaw that could result in a DoS when handling malformed input, according to the Cisco advisory.

The other vulnerability affects the Real-Time Information Server (RIS) Data Collector service of CUCM versions 4.x, 5.x, and 6.x. The flaw, an authentication bypass vulnerability, could lead to unauthorized disclosure of CUCM cluster information including user names and configured IP phones, which an intruder could use to mount further attacks, Cisco said. No passwords can be obtained by exploiting the flaw.

Cisco said it was unaware of any malicious exploitation of the flaws.

Products affected by the vulnerabilities are: Cisco Unified CallManager 4.1; CUCM 4.2 versions prior to 4.2(3) SR4; 4.3 versions prior to 4.3(2)SR1; 5.x versions prior to 5.1(3c); and 6.x versions prior to 6.1(2).



Enjoy the benefits of CW+ membership, learn more and join.

Read more on Voice networking and VoIP



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...