Cisco flags Unified Comms flaw

Summary: The company has warned of a heap overflow vulnerability in its Unified Communications Manager software.

Networking giant Cisco has warned of a flaw in its Unified Communications Manager software that could allow a remote, unauthenticated user to cause a denial of service condition or execute arbitrary code.

In a security advisory published on Wednesday, Cisco said its Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in its Certificate Trust List (CTL) provider service.

A CTL is used by Cisco Unified IP Phone devices to verify the identity of CUCM servers. The heap overflow vulnerability lies in Cisco's Certificate Trust List Provider service client and its interaction with TCP port 2444, on which the Certificate Trust List Provider service client listens by default. The port can be changed by a user.

Cisco said it had released software updates and workarounds that address the vulnerability. Links to the updates are in the advisory.



Tom is a technology reporter for, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
