Cisco Wednesday released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.
Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.
The products that are vulnerable are:
-- Cisco Unified CallManager 4.0
-- Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c
-- Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3
-- Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1
Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.