Users of Cisco's Unified Communications Manager, UCM instant messaging and presence, and Prime Central hosted collaboration system need to get busy with patches, after the Borg announced denial-of-service vulnerabilities across all three platforms. UCM 7.1, Cisco advises, has an improper error handling vulnerability that can be …
This is going to affect an awful lot of SME's who wouldn't necessarily be thinking of patching their cisco kit first and foremost.
Whilst this isnt good need to be fixed, there's limited scope for exploitation. Most (if not all) systems should be behind some sort of firewall. If someone is in a position to exploit these vulns they have probably breached the firewall and you have got bigger problems.
Re: Limited scope
should read 'and needs to be fixed'
Need my first brew of the day.........
Re: Limited scope
While these should be internal systems, if they are using Cisco WLAN phones it is possible (likely?) that the WLAN is secured by pre-shared key authentication only for "reliability" reasons based on my experience of a number of WLAN voice deployments I have seen. Typically the SSID's are fairly obvious (i.e. "voice") and passwords fairly complex - I'd be surprised if details were not easily available via rainbow tables.
I'm aware that the phones support more secure authentication methods (i.e. 802.1x), but they aren't used.
These points apply to non-Cisco kit as well or poorly secured WLAN's in general.
Oh thats not good
My monitoring system is possibly going to cause most of these all in one go when I least suspect it :(
They should try fixing the crappy speakerphone voice quality first, in my experience that causes far more "denial of service" problems than any security issue, especially since these systems are designed to be deployed on private (= physically-isolated) networks anyway, and so a lot of them will be physically secure.
- One HUNDRED FAMOUS LADIES exposed NUDE online
- Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Apple to devs: NO slurping users' HEALTH for sale to Dark Powers
- Is that a 64-bit ARM Warrior in your pocket? No, it's MIPS64