Cisco Issues CallManager Fixes

Cisco Systems has asked users of its CallManager VoIP software to install patches correcting two flaws. Last week it was revealed that CallManager software is vulnerable to DoS attacks and privilege escalation, according to separate company advisories issued Wednesday.

In the first case, the product does not properly manage TCP connections and Windows messages, leaving some ports vulnerable to DoS attacks, according to the company.

Successful malware authors could knock out the service, leading to telephones either not responding or withdrawing their registration from CallManager, Cisco said.
In the other vulnerability, users with limited, read-only access to the device can assume full administrative powers, allowing them to alter data and reset the device, the company said.

Cisco said free software to fix the flaws is available on its website. The company also recommended a temporary solution for the access vulnerability by only using the “no access” or “full access” privileges instead of the “read-only” privilege.

Cisco said it was not aware of any malicious attempts to compromise systems.

The following two tabs change content below.


Lorem ipsum dolor sit amet, consectetur adipiscing elit. Nam dignissim magna vitae dui posuere eu feugiat augue eleifend. Fusce sed tincidunt quam. Donec varius aliquam metus ut semper. Donec augue purus, feugiat interdum malesuada vel, aliquet quis massa. Nulla facilisi. Nam vel ante quam, et tincidunt dui. Maecenas venenatis libero eu nulla tincidunt et accumsan velit sodales. Nam congue mauris et felis porttitor blandit. Nam eget tempor massa. Nullam suscipit gravida eros, ac suscipit magna feugiat sit amet.

Latest posts by admin (see all)