Cisco Warns Of Bugs In Unified Communications Manager - InformationWeek

Cisco Warns Of Bugs In Unified Communications Manager

Cisco patches vulnerabilities that could cause denial-of-service problems, remote code execution or information disclosures.

Cisco Systems released two security bulletins to warn IT managers about vulnerabilities in its Unified Communications Manager.

In one advisory, Cisco noted the Unified Communications Manager, which used to be known as CallManager, contained two overflow vulnerabilities. The flaws, according to the company, could enable a remote, unauthenticated hacker to execute arbitrary and malicious code or cause a denial-of-service.

One of the bugs is a Certified Trust List (CTL) provider service overflow. The other bug is a Real-Time Information Server (RIS) data collector heap overflow.

Cisco Unified Communications Manager (CUCM) is a call processing component in Cisco's IP telephony solution.

The second advisory warns users of another two vulnerabilities that could allow an unauthorized administrator to activate and terminate CUCM and CUPS (Common Unix Printing System) services, and access SNMP (Simple Network Management Protocol) configuration information. "This may respectively result in a denial-of-service condition affecting CUCM/CUPS cluster systems and the disclosure of sensitive SNMP details, including community strings," noted the advisory.

Cisco warned that an attacker who obtains sensitive information, such as community strings, may be able to use it to gain access to sensitive information on other systems in the network. Many enterprise environments commonly use standardized SNMP community strings, which, the advisory noted, could compound the severity of the vulnerability.

The denial-of-service could affect critical voice services. An attacker could disable central CUCM services, effectively causing the complete disruption of a CUCM cluster, the advisory added.

The US-CERT is recommending that IT administrators apply the updates. Its researchers will continue to investigate and provide additional information as it becomes available.

Cisco's security advisories came out the same week as Microsoft's monthly Patch Tuesday release. Apple also released QuickTime 7.2 this week, patching eight security holes, four of them in QuickTime for Java.
