Patch/Configuration Management, Vulnerability Management

Cisco issues CallManager fixes

Cisco Systems has asked users of its CallManager VoIP software to install patches correcting two flaws.

The San Jose-based networking equipment giant said its CallManager software is vulnerable to DoS attacks and privilege escalation, according to separate company advisories issued Wednesday.

In the first case, the product does not properly manage TCP connections and Windows messages, leaving some ports vulnerable to DoS attacks, according to the company.

Successful malware authors could knock out the service, leading to telephones either not responding or withdrawing their registration from CallManager, Cisco said.

In the other vulnerability, users with limited, read-only access to the device can assume full administrative powers, allowing them to alter data and reset the device, the company said.

Cisco said free software to fix the flaws is available on its website. The company also recommended a temporary solution for the access vulnerability by only using the "no access" or "full access" privileges instead of the "read-only" privilege.

Cisco said it was not aware of any malicious attempts to compromise systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.