Cisco patches Unified Communications manager
Cisco has released an update for it's Unified Communications Manager software which fixes multiple vulnerabilities. The update closes two SQL injection vulnerabilities in the Unified Communications Manager which allowed an attacker to take control of the communications server.
Cisco has also eliminated three denial of service vulnerabilities in the processing of Voice Over IP (VOIP) SIP messages and a directory traversal vulnerability. All Unified Communication Manger versions 6.x and later are affected. Cisco has patches available now for all versions except 7.x which it expects to have available by the end of the month.
Cisco has also updated the firmware for the Cisco Wireless LAN Controller software to fix a denial of service vulnerability which exists in version 6.0 and 7.0 of the firmware; The updates are available immediately.