Cisco Wednesday revealed a pair of vulnerabilities, one in its Unified CallManager 5.0 software, the other in the Web-based interface used to configure Cisco routers.
Unified CallManager 5.0, software that handles call processing for Cisco VoIP solutions, has two flaws in its command line management interface (CLI) that could allow a logged-in administrator to gain root access privileges and execute code, overwrite files, and launch denial of service attacks, Cisco said.
The Unified CallManager 5.0 software, which Cisco upgraded in March to add support for session initiation protocol (SIP), also includes a buffer overflow vulnerability that attackers can exploit by placing excessively long hostnames into SIP requests along with malicious code, paving the way for code execution and denial of service attacks.
In an advisory, Cisco's Product Security Incident Response Team (PSIRT) said that free software will be made available to address the vulnerabilities.
Symantec, in a bulletin to subscribers of its DeepSight Threat Management System, said the two CLI flaws do not require an exploit and rated the overall severity of the CallManager issues as 10 on a scale of 10.
By combining resources and expertise, the AI-Enabled ICT Workforce Consortium will offer a blueprint for how industries can adapt to an AI-dominated future.
IT leaders should heed the guidance of cybersecurity insurance providers who think businesses should prioritize security education, incident preparedness, regular internal audits, and ongoing vulnerability scanning and patching.
There are many network courses that can address your present job's priorities and help you gain the needed skills to keep pace with industry changes and new technologies.
