Cisco Patches Call Manager

Thursday Jul 14th 2005 by Michael Hall

Cisco's Call Manager software, the heart of its VoIP infrastructure, has been found vulnerable to a DoS attack, or a complete compromise that could allow malicious users to listen in on or reroute calls.

Security firm Internet Security Systems (ISS) has reported that a flaw in Cisco's Call Manager platform could cause a denial of service or complete compromise of the the software.

Call Manager is the software-based call processing component of Cisco's Voice Over IP (VoIP) infrastructure. According to ISS, compromise of Call Manager could allow an attacker "to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products. No authentication is required for an attacker to leverage this vulnerability to compromise a network."

For its part, Cisco has said that it provided patches to the vulnerability several days before ISS published its advisory, and that no exploits for the flaw have been found in the wild. Both Cisco and ISS have published detailed reports on how to deal with the vulnerability.

Mobile Site | Full Site
Copyright 2018 © QuinStreet Inc. All Rights Reserved