Menu
Cisco warns of Unified Communications Manager flaw

Cisco warns of Unified Communications Manager flaw

Cisco has made available a free software fix for affected customers

Cisco Wednesday released its first new security alert of the year: a warning that its Cisco Unified Communications Manager - formerly CallManager - contains a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.

Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.

The products that are vulnerable are:

-- Cisco Unified CallManager 4.0

-- Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c

-- Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3

-- Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1

Cisco says it is not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments