Cisco Wednesday released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.
Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.
The products that are vulnerable are:
* Cisco Unified CallManager 4.0
* Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c
* Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3
* Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1
Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.(Learn more about IP PBX products from our IP PBX Buyer's Guide.)
Rss FeedRss Feed
The Leader in Network Knowledge
Comments (1)
Cisco warns of CallManager heap overflow vulnerabilityBy Cisco Subnet on January 16, 2008, 6:54 pmCisco has released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow...
Reply | Read entire comment
View all comments