Cisco warns of Unified Communications flaw

A new flaw could render Cisco telephony systems useless

Cisco has issued a security alert about two vulnerabilities in its Unified Communications Manager (UCM) software.

The flaws could allow an attacker to create a denial-of-service attack on the tool, which is used to manage enterprise telephony and communication services. Such an attack could bring down voice services and require the system to be restarted.

An attacker could conduct the exploit by flooding a certain port on the UCM with TCP information packets, causing the system to reject new connection requests and render telephony systems useless.

Cisco said that the flaw affects UCM editions 4, 5, 6 and 7. The Express edition is not believed to be vulnerable.

The company has released patches for the 6.x and 7.x versions, and a fix for versions 5.x is scheduled for early September. Administrators are advised to install the updates immediately.

The risk of attack can also be mitigated by filtering access to the vulnerable TCP 2000 and 2443 ports and the UDP 5060 and 5061 ports.