Cisco Systems is reporting that there have been several security flaws found in their CallManager VoIP system, the most serious being with their Aupair.exe component. The flaws, which cause vulnerabilities in CallManager in its default settings, can allow someone to eavesdrop on calls, and even reroute VoIP calls to another destination (nasty!)
According to Internet Security Systems, in discussing the CallManager and Aupair.exe issues, “An attacker may be able to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products.”
While to date there have been no known exploits of the vulnerabilities, Cisco has a major lead in marketshare of enterprise VoIP, with 42% of the market in the United States alone. In other words, Cisco’s VoIP products are widely deployed.
If you are running Cisco’s CallManager where you are, you should go to Cisco’s site to get the security updates here.
|No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?