In association with heise online

12 July 2007, 12:09

Cisco Unified Communication Manager executes remote code


The VoIP products Unified Communication Manager and Presence Server from Cisco contain security vulnerabilities. Attackers can exploit these to inject remote code or allow administrators with restricted privileges to gain unauthorised access to the server. The manufacturer has provided updates which eliminate the vulnerabilities.

In Unified Communication Manager, the Certificate Trust List Provider and Real-Time Information Server Data Collector services listen by default for incoming TCP connections on ports 2444 and 2556 respectively. Heap overflows in these components may allow the execution of injected code.

Both Unified Communications Manager and Unified Presence Server allow administrators without the corresponding privileges to activate or deactivate services, which can cause a denial of service. In addition, such administrators are able to read confidential SNMP data and cache settings.

The first vulnerability affects Unified CallManager prior to versions 3.3(5)SR3, 4.1(3)SR5 and 4.2(3)SR2, and versions 5.0 and 5.1 prior to version 5.1(2). The vulnerability can also be found in Unified Communications Manager prior to version 4.3(1)SR1. The second vulnerability affects Unified Communications Manager prior to 4.3(1)SR1 and Unified Presence Server 1.0 through 1.0(3). Cisco provides links to updates for the affected products in its security advisory.
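Checking an installed release against the fixed versions above is error-prone by hand, because Cisco's release strings mix a maintenance number in parentheses with an optional service-release suffix. The following added example (not code from Cisco or from the article) parses that format and compares a CallManager / Unified Communications Manager release against the first fixed release of its train as stated in this article; it treats "5.0 and 5.1 prior to 5.1(2)" as one train fixed at 5.1(2), which is an interpretation of the text, and does not model the Presence Server. The Cisco advisory itself remains the authoritative source.

```python
import re
from typing import Dict, Optional, Tuple

# Version tuple: (major, minor, maintenance, service_release)
Version = Tuple[int, int, int, int]

# Release strings look like "4.1(3)SR5", "5.1(2)" or "5.0".
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\((\d+)\))?(?:SR(\d+))?$")


def parse_version(text: str) -> Version:
    """Parse a Cisco CallManager/UCM release string into a comparable tuple.

    Missing maintenance or SR components count as 0, so "5.0" sorts
    before "5.0(1)" and "4.1(3)" before "4.1(3)SR1".
    """
    m = _VERSION_RE.match(text.strip().replace(" ", ""))
    if not m:
        raise ValueError(f"unrecognised Cisco version string: {text!r}")
    major, minor, maint, sr = m.groups()
    return (int(major), int(minor), int(maint or 0), int(sr or 0))


# First fixed release per (major, minor) train, taken from the article text.
# The 5.x entries encode the article's "5.0 and 5.1 prior to 5.1(2)" as a
# single fix point at 5.1(2) (interpretation; Cisco's advisory is authoritative).
FIXED_RELEASES: Dict[str, Dict[Tuple[int, int], str]] = {
    "heap-overflow": {
        (3, 3): "3.3(5)SR3",
        (4, 1): "4.1(3)SR5",
        (4, 2): "4.2(3)SR2",
        (4, 3): "4.3(1)SR1",
        (5, 0): "5.1(2)",
        (5, 1): "5.1(2)",
    },
    "privilege-escalation": {
        (4, 3): "4.3(1)SR1",
    },
}


def is_affected(installed: str, issue: str) -> Optional[bool]:
    """True if `installed` precedes the first fixed release of its train,
    False if it is at or past the fix, None if the train is not listed
    in the article for that issue (no conclusion can be drawn)."""
    v = parse_version(installed)
    fixed = FIXED_RELEASES[issue].get((v[0], v[1]))
    if fixed is None:
        return None
    return v < parse_version(fixed)
```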
