X
Tech
Home Tech Security

Cisco flags Unified Comms flaw

The company has warned of a heap overflow vulnerability in its Unified Communications Manager software
Written by Tom Espiner, Contributor

Networking giant Cisco has warned of a flaw in its Unified Communications Manager software that could allow a remote, unauthenticated user to cause a denial of service condition or execute arbitrary code.

In a security advisory published on Wednesday, Cisco said its Unified Communications Manager (CUCM), formerly CallManager, contains a heap overflow vulnerability in its Certificate Trust List (CTL) provider service.

A CTL is used by Cisco Unified IP Phone devices to verify the identity of CUCM servers. The heap overflow vulnerability lies in Cisco's Certificate Trust List Provider service client, and its interaction with TCP port 2444, which the Certificate Trust List Provider service client listens to by default. The port can be modified by a user.

Cisco said it had released software updates and workarounds that address the vulnerability. Links to the updates are in the advisory.

Editorial standards
Show Comments

Related

Linus Torvalds and Dirk Hohndel, Open Source Summit North America 2024

Linus Torvalds takes on evil developers, hardware errors and 'hilarious' AI hype

penguin holding an apple on Sonoma background

6 features I wish MacOS would copy from Linux

Placeholder product image alt text

The best AI image generators to try right now