Unified Communications Featured Article

Cisco Report Three Threats to its UCS Software

July 07, 2014

Near the middle of last week, Cisco announced that it had found three distinct threats to is unified communications services that could allow hackers to gain control of users' systems. Along with that announcement, it has posted fixes for the problems in a software application patch.

According to the report, the vulnerabilities affect the stability of Cisco's Unified Communications Domain Manager. The names of the vulnerabilities are as follows:

  • Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability.
  • Cisco Unified Communications Domain Manager Default SSH Key Vulnerability.
  • Cisco Unified Communications Domain Manager BVSMWeb Unauthorized Data Manipulation Vulnerability.

An exploitation of the first two security risks "may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system," Cisco says. Exploitation of the third "may allow an attacker to access and modify BVSMWeb portal user information such settings in the personal phone directory, speed dials, Single Number Reach, and call forward settings."

Cisco's Unified Communications Manager is responsible for handling administrative functions with regard to Cisco Unity Connection, Cisco Jabber applications, and phones and soft clients integrated with such applications. As a result, it is possible that hackers could provide themselves with access to a number of hardware devices and the sofware that control those devices throughout entire enterprises.

Cisco says that there is no way of mitigating the vulnerabilities aside from using its software patch. As such, it urges users of its UCS software to immediately update their products. The updates contain fixes to the vulnerabilities it has listed, and the company says updates will only include feature sets for products businesses have previously purchased, so the updates will not include any additional features beyond their ability to fix the stated problems.

Request a Quote
Become a Partner

Featured Blog

Millennials and Technology – "I want it now"

The millennial generation, also known as individuals born between the years of 1980 and 2000, are a group of highly collaborative adults estimated to account for roughly 75% of the global workforce by the year 2025...

4 Steps to safely enter 2016 with Fusion and leave your old provider behind

Enough is enough! You can't tolerate the dropped calls, the complaints from upper management, and the slow response time from customer service. You saw the signs of the breakup all along, and now it's time to move onto something new...

Practical Benefits of a Unified Communications System

The business world of is rapidly changing thanks to the technological advancements of recent years...