A bug in Cisco's Unity voice and unified messaging platform could allow an unauthenticated user to 
modify some of Unity's configuration parameters, warns Cisco in its advisory published today. The platform is configured by default for administrators to use Microsoft's Integrated Windows authentication method for authentication but Unity could be vulnerable if they are configured for anonymous authentication, says Cisco. Anonymous authentication is used when Cisco Unity servers are authenticated to the subscriber instead of Microsoft Windows. A workaround to this problem is available.
Products that could be affected by this bug are Unity versions 4.x, 5.x and 7.x, says Cisco.
Interesting reading:
How to transfer CUCM users to Unity voicemail
More Cisco security advisories
More from Cisco Subnet:
* Fake Cisco gear could be used to spy on the U.S.
* Could Nortel benefit from Cisco's learning curve?
* Fax server compatibility in Cisco UC networks
* How to transfer CUCM users to Unity voicemail
* Competition: Can you learn TCP/IP in 24 hours?
* 100GB Ethernet coming to your core?
* CCDE beta practical exam: Tough but not impossible
Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.
Advertisement: |
The Cisco Subnet blog is written by Network World managing editor Jim Duffy and is the official blog of Network World's Cisco Subnet community. The Cisco Subnet site is managed by Online Community Editor Julie Bort. Cisco Subnet is the independent voice of Cisco customers and is your gateway to daily Cisco news, blogs, opinion, books, prize giveaways and more. Visit the Cisco Subnet home page daily and while you are there, subscribe to the Cisco Alert e-mail newsletter, which includes news and views generated by the Cisco Subnet community as well as Cisco-related stories on Network World and elsewhere on the Web.
The Leader in Network Knowledge
Post new comment