Cisco patches vulnerabilities in voice solutions
Cisco has released a number of reports on vulnerabilities in its products. It is possible to disrupt the transfer of voice data in the Unified Communications Manager using crafted SIP, SCCP and CTI packets. Versions 4, 5, 6 and 7 are all affected. Updates are available to fix the problem. Unified Communications Manager 8.0(1) and Cisco Unified Communications Manager Express are not vulnerable.
The Cisco Digital Media Manager also contains multiple vulnerabilities which can be exploited by unauthorised users to access data and change the configuration. Versions prior to 5.2 contain default credentials which can be used by attackers to access web application configurations. It is also possible to inject voice and video data into a connection and output it at a remote end point. The vulnerabilities are fixed in version 5.2.
See also:
- Cisco Digital Media Player Remote Display Unauthorized Content Injection Vulnerability
- Multiple Vulnerabilities in Cisco Digital Media Manager
- Cisco Unified Communications Manager Denial of Service Vulnerabilities
(djwm)