ARN

Cisco warns of Unified Communications Manager flaw

Cisco has made available a free software fix for affected customers

Cisco Wednesday released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.

Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.

The products that are vulnerable are:

-- Cisco Unified CallManager 4.0

-- Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c

-- Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3

-- Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1

Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.

More about: Cisco, TippingPoint, TippingPoint

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the Computerworld comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Recent Discussions
ARN Directory | Distributors relevant to this article
tracking pixel
 
Jobs
ARN Vendor Directory
ARN Community Comments
Array
ARN Library

Microsoft Anti-Piracy Infringement Alert

The Microsoft Anti-Piracy Newsletter outlines what Microsoft is doing to protect your business from Software Piracy and highlights recent legal action taken against those who infringe our copyright.