Cisco warns on IP telephony flaws
Cisco has admitted that its main telephony product could be taken down by a denial of service attack.
Cisco Unified Communications Manager, one of the most popular IP telephony products in the market, contains multiple denial of service vulnerabilities, the company admitted in a security advisory on Wednesday. The vulnerabilities could be exploited to interrupt voice services, Cisco said. This can be carried out remotely and without user interaction.
The company has released patches and urged businesses to apply them. Four services are affected: Certificate Trust List Provider, Certificate Authority Proxy Function, SIP and SNMP Trap.
The vulnerabilities affect a wide range of models across versions 4,5 and 6. Unified Communications Manager Express - the call handling software embedded in Cisco's Integrated Services Routers (ISRs) which is often used in branch office locations - is not affected.
Separately, Cisco has revealed three denial of service vulnerabilities which could take down its presence software. The company has made patches available.