Cisco goes public with major vulns

Users of Cisco's Unified Communications Manager, UCM instant messaging and presence, and Prime Central hosted collaboration system need to get busy with patches, after the Borg announced denial-of-service vulnerabilities across all three platforms. UCM 7.1, Cisco advises, has an improper error handling vulnerability that can …

COMMENTS

This topic is closed for new posts.
  1. Sir Runcible Spoon

    Sir

    This is going to affect an awful lot of SMEs who wouldn't necessarily be thinking of patching their Cisco kit first and foremost.

  2. Sammy Smalls

    Limited scope

    Whilst this isn't good need to be fixed, there's limited scope for exploitation. Most (if not all) systems should be behind some sort of firewall. If someone is in a position to exploit these vulns they have probably breached the firewall and you have got bigger problems.

    m2c.

    1. Sammy Smalls

      Re: Limited scope

      should read 'and needs to be fixed'

      Need my first brew of the day.........

    2. theblackhand

      Re: Limited scope

      While these should be internal systems, if they are using Cisco WLAN phones it is possible (likely?) that the WLAN is secured by pre-shared key authentication only for "reliability" reasons, based on my experience of a number of WLAN voice deployments I have seen. Typically the SSIDs are fairly obvious (i.e. "voice") and passwords fairly complex - I'd be surprised if details were not easily available via rainbow tables.

      I'm aware that the phones support more secure authentication methods (i.e. 802.1x), but they aren't used.

      These points apply to non-Cisco kit as well or poorly secured WLANs in general.

  3. Captain Scarlet

    Oh that's not good

    My monitoring system is possibly going to cause most of these all in one go when I least suspect it :(

  4. Anonymous Coward

    Cisco VoIP?

    They should try fixing the crappy speakerphone voice quality first, in my experience that causes far more "denial of service" problems than any security issue, especially since these systems are designed to be deployed on private (= physically-isolated) networks anyway, and so a lot of them will be physically secure.
