Cisco warns of Unity bug

A bug in Cisco's Unity voice and unified messaging platform could allow an unauthenticated user to

modify some of Unity's configuration parameters, warns Cisco in its advisory published today. The platform is configured by default for administrators to use Microsoft's Integrated Windows authentication method for authentication but Unity could be vulnerable if they are configured for anonymous authentication, says Cisco. Anonymous authentication is used when Cisco Unity servers are authenticated to the subscriber instead of Microsoft Windows. A workaround to this problem is available.

Products that could be affected by this bug are Unity versions 4.x, 5.x and 7.x, says Cisco.

Interesting reading:

How to transfer CUCM users to Unity voicemail

More Cisco security advisories

More Cisco security responses

More from Cisco Subnet:Fake Cisco gear could be used to spy on the U.S.Could Nortel benefit from Cisco's learning curve?Fax server compatibility in Cisco UC networksHow to transfer CUCM users to Unity voicemailCompetition: Can you learn TCP/IP in 24 hours?100GB Ethernet coming to your core?CCDE beta practical exam: Tough but not impossible

*

*

*

*

*

Go to Cisco Subnet for more Cisco news, blogs, discussion forums, security alerts, book giveaways, and more.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2008 IDG Communications, Inc.

SD-WAN buyers guide: Key questions to ask vendors (and yourself)