Cisco Systems is reporting that there have been several security flaws found in their CallManager VoIP system, the most serious being with their Aupair.exe component. The flaws, which cause vulnerabilities in CallManager in its default settings, can allow someone to eavesdrop on calls, and even reroute VoIP calls to another destination (nasty!)
According to Internet Security Systems, in discussing the CallManager and Aupair.exe issues, “An attacker may be able to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products.”
While to date there have been no known exploits of the vulnerabilities, Cisco has a major lead in marketshare of enterprise VoIP, with 42% of the market in the United States alone. In other words, Cisco’s VoIP products are widely deployed.
If you are running Cisco’s CallManager where you are, you should go to Cisco’s site to get the security updates here.
The Internet Patrol is completely free, and reader-supported. Your tips via CashApp, Venmo, or Paypal are appreciated! Receipts will come from ISIPP.