Cisco Details New VoIP, Router Vulnerabilities: Page 2 of 3

Ethan Simmons, a partner at Boston-based solution provider NetTeks, said that for a CallManager solution to be compromised by one of these attacks, it would have to have been put together very poorly. "No one in their right mind would implement an IP voice solution that was exposed directly to the Internet, or for that matter, even internal users," Simmons said.

To prevent unauthorized access, CallManager 5.0 solutions should be implemented using VLANs and access control lists that limit access to the actual call processing servers, Simmons added.

Cisco also revealed a vulnerability that affects the Cisco Router Web Setup tool (CRWS), used to configure routers. This flaw hinges on the application's failure to properly authenticate remote Web-based users, and could allow an attacker to gain elevated administration privileges.

Symantec rated the severity of this threat 10 out of 10 and in a DeepSight bulletin said it's likely this flaw could be leveraged by miscreants to launch additional attacks.

Cisco released software fixes that address the issue, which affects CRWS for Cisco SOHO and Cisco 800 series routers with versions prior to 3.3.0 build 31.