In association with heise online

05 March 2010, 15:12

Cisco patches vulnerabilities in voice solutions

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Cisco has released a number of reports on vulnerabilities in its products. It is possible to disrupt the transfer of voice data in the Unified Communications Manager using crafted SIP, SCCP and CTI packets. Versions 4, 5, 6 and 7 are all affected. Updates are available to fix the problem. Unified Communications Manager 8.0(1) and Cisco Unified Communications Manager Express are not vulnerable.

The Cisco Digital Media Manager also contains multiple vulnerabilities which can be exploited by unauthorised users to access data and change the configuration. Versions prior to 5.2 contain default credentials which can be used by attackers to access web application configurations. It is also possible to inject voice and video data into a connection and output it at a remote end point. The vulnerabilities are fixed in version 5.2.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit