Unified Communications Manager contains multiple vulnerabilities which could be subject to a denial of service attack against an organisation's VoIP network, Cisco has admitted.
Cisco has admitted that its main telephony product could be taken down by a denial of service attack.
Cisco
Unified Communications Manager, one of the most popular IP telephony
products in the market, contains multiple denial of service
vulnerabilities, the company admitted in a security advisory on
Wednesday. The vulnerabilities could be exploited to interrupt voice
services, Cisco said. This can be carried out remotely and without user
interaction.
The company has released patches and urged
businesses to apply them. Four services are affected: Certificate Trust
List Provider, Certificate Authority Proxy Function, SIP and SNMP Trap.
The
vulnerabilities affect a wide range of models across versions 4,5 and
6. Unified Communications Manager Express - the call handling software
embedded in Cisco's Integrated Services Routers (ISRs) which is often
used in branch office locations - is not affected.
Separately,
Cisco has revealed three denial of service vulnerabilities which could
take down its presence software. The company has made patches available.