ABOUT US | SERVICES | SUBSCRIPTIONS | LOGIN | SIGNUP
SUBSCRIBE TO TMCnet
TMCnet - World's Largest Communications and Technology Community
MARKETS » NFV Pandemic Tech News
HOT TOPICS » SD-WAN THE BLOCKCHAIN DOMAIN UC NETWORK MANAGEMENT
RESOURCE CENTER - WHITE PAPERS   |   WEBINARS   |   EBOOKS   |   TMCLabs   |   VIDEOS|   MEDIA KIT

CHANNEL BY TOPICS


QUICK LINKS




Cisco Report Three Threats to its UCS Software

Unified Communications Featured Article

Cisco Report Three Threats to its UCS Software

Share
Tweet
July 07, 2014
By Casey Houser
Contributing Writer

Near the middle of last week, Cisco (News - Alert) announced that it had found three distinct threats to is unified communications services that could allow hackers to gain control of users' systems. Along with that announcement, it has posted fixes for the problems in a software application patch.


According to the report, the vulnerabilities affect the stability of Cisco's Unified Communications (News - Alert) Domain Manager. The names of the vulnerabilities are as follows:

  • Cisco Unified Communications Domain Manager Privilege Escalation Vulnerability.
  • Cisco Unified Communications Domain Manager Default SSH Key Vulnerability.
  • Cisco Unified Communications Domain Manager BVSMWeb Unauthorized Data Manipulation Vulnerability.

An exploitation of the first two security risks "may allow an attacker to execute arbitrary commands or obtain privileged access to the affected system," Cisco says. Exploitation of the third "may allow an attacker to access and modify BVSMWeb portal user information such settings in the personal phone directory, speed dials, Single Number Reach, and call forward settings."

Cisco's Unified Communications Manager is responsible for handling administrative functions with regard to Cisco Unity Connection, Cisco Jabber applications, and phones and soft clients integrated with such applications. As a result, it is possible that hackers could provide themselves with access to a number of hardware devices and the sofware that control those devices throughout entire enterprises.

Cisco says that there is no way of mitigating the vulnerabilities aside from using its software patch. As such, it urges users of its UCS software to immediately update their products. The updates contain fixes to the vulnerabilities it has listed, and the company says updates will only include feature sets for products businesses have previously purchased, so the updates will not include any additional features beyond their ability to fix the stated problems.



Article comments powered by Disqus
Unified Communications Homepage ›





Technology Marketing Corporation

2 Trap Falls Road Suite 106, Shelton, CT 06484 USA
Ph: +1-203-852-6800, 800-243-6002

General comments: [email protected].
Comments about this site: [email protected].

IMPORTANT

SUBSCRIPTIONS


Subscribe to our FREE eNewsletters
CLICK HERE

STAY CURRENT YOUR WAY

© 2024 Technology Marketing Corporation. All rights reserved | Privacy Policy