
Security Issues Addressed for Cisco Unified Communications Manager

Cisco has announced that certain versions of Cisco Unified Communications Manager (Cisco Unified CM) are vulnerable to remote attacks such as:

  • Blind Structured Query Language (SQL) injection
  • Command injection
  • Privilege escalation

Temporary Fix

Cisco explains how they found out about the problem through independent researchers:

On June 6, 2013, a French security firm, Lexfo, delivered a public presentation on VoIP security that included a demonstration of multiple vulnerabilities used to compromise Cisco Unified CM. During the presentation, the researchers demonstrated a multistaged attack that chained a number of vulnerabilities, which resulted in a complete compromise of the Cisco Unified CM server. 

A Cisco Options Package (COP) file has been released as a temporary fix to shore up the weaknesses and can be found on the Cisco download page. Look for the file named:

  • cmterm-CSCuh01051-2.cop.sgn

Vulnerable Products

These versions of Cisco Unified CM are known to be vulnerable:

  • Cisco Unified Communications Manager 7.1(x)
  • Cisco Unified Communications Manager 8.5(x)
  • Cisco Unified Communications Manager 8.6(x)
  • Cisco Unified Communications Manager 9.0(x)
  • Cisco Unified Communications Manager 9.1(x)

These additional Cisco products might be affected by the same vulnerabilities, but this has not been confirmed yet:

  • Cisco Emergency Responder
  • Cisco Unified Contact Center Express
  • Cisco Unified Customer Voice Portal
  • Cisco Unified Presence Server/Cisco IM and Presence Service
  • Cisco Unity Connection

Lucian Constantin at PCWorld is also reporting that Cisco has warned users that denial-of-service (DoS) attacks could affect these products.

Via Cisco and PCWorld

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.
