Cisco Unified Communication Manager executes remote code
The VoIP products Unified Communication Manager and Presence Server from Cisco contain security vulnerabilities. Attackers can exploit these to inject remote code or allow administrators with restricted privileges to gain unauthorised access to the server. The manufacturer has provided updates which eliminate the vulnerabilities.
In Unified Communication Manager, the services Certificate Trust List Provider and Real-Time Information Server Data Collector listen by default on port 2444 or on port 2556 for incoming TCP connections. Heap overflows can occur in these components which may allow the execution of injected code.
Both Unified Communications Manager and Unified Presence Server allow unauthorised administrators to activate or deactivate services, which can cause a denial of service. In addition, they are able to tap into confidential SNMP data and cache settings.
The first vulnerability affects Unified Call Manager prior to versions 3.3(5)SR3, 4.1(3)SR5, 4.2(3)SR2 and 5.0 and 5.1 prior to Version 5.1(2). The vulnerability can also be found in Unified Communications Manager prior to Version 4.3(1)SR1. The second vulnerability affects Unified Communications Manager previous to 4.3(1)SR1 and Unified Presence Server 1.0 through 1.0(3). Cisco provides links to updates for the affected products in their security advisory.
- Cisco Unified Communications Manager Overflow Vulnerabilities, security advisory from Cisco
- Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities, security advisory from Cisco
(mba)