back to article Cisco goes public with major vulns

Users of Cisco's Unified Communications Manager, UCM instant messaging and presence, and Prime Central hosted collaboration system need to get busy with patches, after the Borg announced denial-of-service vulnerabilities across all three platforms. UCM 7.1, Cisco advises, has an improper error handling vulnerability that can be …

COMMENTS

This topic is closed for new posts.
Silver badge

Sir

This is going to affect an awful lot of SME's who wouldn't necessarily be thinking of patching their cisco kit first and foremost.

0
0
Alert

Limited scope

Whilst this isnt good need to be fixed, there's limited scope for exploitation. Most (if not all) systems should be behind some sort of firewall. If someone is in a position to exploit these vulns they have probably breached the firewall and you have got bigger problems.

m2c.

0
0
Unhappy

Re: Limited scope

should read 'and needs to be fixed'

Need my first brew of the day.........

0
0
Bronze badge

Re: Limited scope

While these should be internal systems, if they are using Cisco WLAN phones it is possible (likely?) that the WLAN is secured by pre-shared key authentication only for "reliability" reasons based on my experience of a number of WLAN voice deployments I have seen. Typically the SSID's are fairly obvious (i.e. "voice") and passwords fairly complex - I'd be surprised if details were not easily available via rainbow tables.

I'm aware that the phones support more secure authentication methods (i.e. 802.1x), but they aren't used.

These points apply to non-Cisco kit as well or poorly secured WLAN's in general.

0
0
Bronze badge
Childcatcher

Oh thats not good

My monitoring system is possibly going to cause most of these all in one go when I least suspect it :(

0
0
Anonymous Coward

Cisco VoIP?

They should try fixing the crappy speakerphone voice quality first, in my experience that causes far more "denial of service" problems than any security issue, especially since these systems are designed to be deployed on private (= physically-isolated) networks anyway, and so a lot of them will be physically secure.

0
0
This topic is closed for new posts.

Forums