Cisco fixes holes in Communication Manager
Cisco has released an update to fix flaws in its Unified Communication Manager (CUCM), formerly called Unified CallManager. CUCM is a central component for managing call signalling and voice, data, and video services on Cisco's Unified Communication Platform. According to the company's security advisory, attackers could bypass authentication for access to the data collector service on TCP port 2556. They could then terminate voice over IP connections or gather management and status information on connected devices.
The update also fixes a problem not described in detail – it seems that manipulated data packets sent to TCP port 2748 could cause Computer Telephony Integration services to crash. CUCM versions 4.x, 5.x and 6.x are affected.
See also:
- Cisco Unified Communications Manager Denial of Service and Authentication Bypass Vulnerabilities, Cisco security advisory
(mba)