Cisco issues security advisory for UC products

Vulnerabilities could expose users to denial-of-service attack

Cisco has released a security advisory to address vulnerabilities in a pair of its products.

The company said that the update will plug security flaws in its Unified Communications Manager and Unified Presence lines.

The US Computer Emergency Response Team (US-CERT) is advising administrators to review and install both updates.

For the Unified Communications Manager, the update will patch a pair of security flaws that could allow denial-of-service attacks. Cisco said that an attacker could use a specially-crafted Session Initiation Protocol (SIP) message to trigger a processing error and bring down voice services on a targeted system.

The Unified Presence patch also addresses the SIP-handling denial-of-service vulnerabilities within the messaging platform.

Cisco said that it has yet to receive any reports of exploitation in the wild.

The company said that there are no known workarounds for the vulnerabilities, though a free update has been posted. Administrators can obtain the updates through their IT service providers or through the company's technical assistance centre.

Cisco's update comes on the heels of fixes from several other big names in the industry. Earlier this week Adobe posted fixes for its Shockwave player, and Apple released an update for OS X.