In association with heise online

31 August 2007, 15:18

Vulnerabilities in Cisco CallManager and Communications Manager

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Network specialist Cisco warns in a security advisory of a vulnerability in Cisco CallManager and Unified Communications Manager. By manipulating variables on the admin and login pages, an attacker can inject JavaScript code or SQL commands. Under certain conditions these could then be executed in the user context, for instance when the user clicks on a specially crafted malicious link. According to Cisco, this vulnerability affects releases of the software prior to

  • 3.3(5)sr2b
  • 4.1(3)sr5
  • 4.2(3)sr2
  • 4.3(1)sr1

The current version number is revealed in the administration interface under Show/Software. The vendor has provided updated versions.

See also:

(mba)

Print Version | Send by email | Permalink: http://h-online.com/-733566
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit