Cisco patches Unity Server
Cisco has released security updates for its Unity unified messaging system. Unity links with Microsoft Exchange Server and Lotus Notes, integrating voicemail and fax into an enterprise email system, allowing users to access their voicemails over the internet, to listen to emails over the phone server, remotely handle and forward faxes and so on.
The updates close several vulnerabilities, allowing intruders to inspect the system configuration and even, if anonymous authentication is enabled, modify it. It also closes a cross-site scripting (XSS) exploit and a bug which could halt the server. The update applies to Unity 4.2 (1) ES161, 5.0 (1) ES53 and 7.0 (2) ES8. Registered customers can download the update from the Cisco site.
See also:
- Cisco Security Response: VoIPshield Reported Vulnerabilities in Cisco Unity Server
- Cisco Security Advisory: Authentication Bypass in Cisco Unity
(lghp)