Cisco Warns Of Bugs In Unified Communications ManagerCisco Warns Of Bugs In Unified Communications Manager

Cisco patches vulnerabilities that could cause denial-of-service problems, remote code execution or information disclosures.

Sharon Gaudin, Contributor

July 12, 2007

2 Min Read
information logo in a gray background | information

Cisco Systems released two security bulletins to warn IT managers about vulnerabilities in its Unified Communications Manager.

In one advisory, Cisco noted the Unified Communications Manager, which used to be known as CallManager, contained two overflow vulnerabilities. The flaws, according to the company, could enable a remote, unauthenticated hacker to execute arbitrary and malicious code or cause a denial-of-service.

One of the bugs is a Certified Trust List (CTL) provider service overflow. The other bug is Real-Time Information Server (RIS) data collector heap overflow.

Cisco Unified Communications Manager (CUCM) is a call processing component in Cisco's IP telephony solution.

The second advisory warns users of another two vulnerabilities that could allow an unauthorized administrator to activate and terminate CUCM and CUPS (Common Unix Printing System) services, and access SNMP (Simple Network Management Protocol) configuration information. "This may respectively result in a denial-of-service condition affecting CUCM/CUPS cluster systems and the disclosure of sensitive SNMP details, including community strings," noted the advisory.

Cisco warned that using sensitive information, like community strings, an attacker may be able to leverage access to sensitive information on other systems in the network. It is common practice in many enterprise environments to utilize standardized SNMP community strings. This, the advisory noted, could compound the severity of the vulnerability.

The denial-of-service could affect critical voice services. An attacker could disable central CUCM services, effectively causing the complete disruption of a CUCM cluster, the advisory added.

The US-CERT is recommending that IT administrators apply the updates. Its researchers will continue to investigate and provide additional information as it becomes available.

Cisco's security advisories came out the same week as Microsoft's monthly Patch Tuesday release. Apple also released QuickTime 7.2 this week, patching eight security holes, four of them in QuickTime for Java.

Read more about:

20072007

About the Author

Sharon Gaudin

Sharon Gaudin

Contributor

See more from Sharon Gaudin
Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
SIGN-UP

You May Also Like

More Insights
Webinars
More Webinars
Reports
More Reports

Editor's Choice

A group of smiling college graduates celebrating their graduation.
IT Leadership
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era
Why Liberal Arts Grads Could Be the Best Programmers of the AI Era

Jan 17, 2025

Flame front of the Eaton Fire on the first night during the January 2025 California wildfires in Altadena and Los Angeles
IT Sectors
How Tech Supports the Emergency Response to the LA County Wildfires
How Tech Supports the Emergency Response to the LA County Wildfires

Jan 16, 2025

Graphic Pop Art style Illustration of Keanu Reeves as NEO from the film, The Matrix
IT Infrastructure
Y2K and Infrastructure Resilience 25 Years Later
Y2K and Infrastructure Resilience 25 Years Later

Jan 7, 2025

Young businessman working on a virtual screen of the future and sees the inscription: Now hiring
IT Leadership
Help Wanted: IT Hiring Trends in 2025
Help Wanted: IT Hiring Trends in 2025

Nov 20, 2024

Cobol programming language software development concept on vitual screen.
IT Leadership
Untangling Enterprise Reliance on Legacy Systems
Untangling Enterprise Reliance on Legacy Systems

Jan 21, 2025

Webinars
More Webinars
White Papers
More White Papers
Reports
More Reports