Networking

05:50 PM
Connect Directly
RSS
E-Mail
50%
50%

Attackers Could Eavesdrop On Cisco-Routed VoIP Calls

Flaws in Cisco's voice-over-Internet (VoIP) software could allow an attacker to bring down the alternative-to-traditional-telephone service, or access the server that initiates and routes Web-based calls, a security firm says.

Flaws in Cisco's Voice-over-Internet Protocol (VoIP) software could allow an attacker to bring down the alternative-to-traditional-telephone service, or access the server that initiates and routes Web-based calls, an Atlanta-based security firm said.

According to alerts posted online by Internet Security Systems' (ISS) X-Force research team, Cisco's CallManager sports a pair of bugs that could be "reliably exploited" by hackers. The potential result: at best a denial-of-service style crash, at worst, a situation where the attacker could redirect calls at will or even eavesdrop on conversations.

By sending specially-crafted packets to Cisco CallManager, an attacker could create a heap overflow and crash the system or gain access. ISS said that an exploit wouldn't need any help from a user, pushing the threat into a more dangerous category.

"Like many of the applications that are driving today's businesses, VoIP travels over a variety of networks and the public Internet and is therefore susceptible to the same security perils as other staple network components like e-mail, databases, and servers," said Chris Rouland, ISS' chief technology officer, in a statement.

Cisco's own advisory includes details on patched editions of CallManager that are ready to download and install. Users without a current service contract with Cisco, however, must telephone the San Jose, Ca.-based networking company's support line to request the upgrades.

Comment  | 
Print  | 
More Insights
Hot Topics
15
Open Source Vs. Open Enough
Bob Laliberte, ESG senior analyst,  7/18/2014
5
Do We Need 25 GbE & 50 GbE?
Jim O'Reilly, Consultant,  7/18/2014
5
Guide: The Open Compute Project and Your Data Center
James M. Connolly, Editor in Chief, The Enterprise Cloud Site,  7/21/2014
White Papers
Register for Network Computing Newsletters
Cartoon
Current Issue
2014 Private Cloud Survey
2014 Private Cloud Survey
Respondents are on a roll: 53% brought their private clouds from concept to production in less than one year, and 60% ­extend their clouds across multiple datacenters. But expertise is scarce, with 51% saying acquiring skilled employees is a roadblock.
Video
Slideshows
Twitter Feed