Careers & Certifications

10:41 PM
Connect Directly
RSS
E-Mail
50%
50%

Cisco Details New VoIP, Router Vulnerabilities

Cisco Wednesday revealed a pair of vulnerabilities, one in its Unified CallManager 5.0 software, the other in the Web-based interface used to configure Cisco routers.

Cisco Wednesday revealed a pair of vulnerabilities, one in its Unified CallManager 5.0 software, the other in the Web-based interface used to configure Cisco routers.

Unified CallManager 5.0, software that handles call processing for Cisco VoIP solutions, has two flaws in its command line management interface (CLI) that could allow a logged-in administrator to gain root access privileges and execute code, overwrite files, and launch denial of service attacks, Cisco said.

The Unified CallManager 5.0 software, which Cisco upgraded in March to add support for session initiation protocol (SIP), also includes a buffer overflow vulnerability that attackers can exploit by placing excessively long hostnames into SIP requests along with malicious code, paving the way for code execution and denial of service attacks.

In an advisory, Cisco's Product Security Incident Response Team (PSIRT) said that free software will be made available to address the vulnerabilities.

Symantec, in a bulletin to subscribers of its DeepSight Threat Management System, said the two CLI flaws do not require an exploit and rated the overall severity of the CallManager issues as 10 on a scale of 10.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Slideshows
Cartoon
Audio Interviews
Archived Audio Interviews
Jeremy Schulman, founder of Schprockits, a network automation startup operating in stealth mode, joins us to explore whether networking professionals all need to learn programming in order to remain employed.
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Twitter Feed