Categories: Announcements

Security Issues Addressed for Cisco Unified Communications Manager

Cisco has announced that certain versions of Cisco Unified Communications Manager (Cisco Unified CM) are vulnerable to remote hacker attacks such as

  • Blind Structured Query Language (SQL) injection
  • Command injection
  • Privilege escalation

Temporary Fix

Cisco explains how they found out about the problem through independent researchers:

On June 6, 2013, a French security firm, Lexfo, delivered a public presentation on VoIP security that included a demonstration of multiple vulnerabilities used to compromise Cisco Unified CM. During the presentation, the researchers demonstrated a multistaged attack that chained a number of vulnerabilities, which resulted in a complete compromise of the Cisco Unified CM server. 

A Cisco Options Package (COP) file has been released as a temporary fix to shore up the weaknesses and can be found on the Cisco download page. Look for the file named:

  • cmterm-CSCuh01051-2.cop.sgn

Vulnerable Products

These versions of Cisco Unified CM are known to be vulnerable:

  • Cisco Unified Communications Manager 7.1(x)
  • Cisco Unified Communications Manager 8.5(x)
  • Cisco Unified Communications Manager 8.6(x)
  • Cisco Unified Communications Manager 9.0(x)
  • Cisco Unified Communications Manager 9.1(x)

These additional Cisco products might be vulnerable to the same products but, they haven’t been confirmed yet:

  • Cisco Emergency Responder
  • Cisco Unified Contact Center Express
  • Cisco Unified Customer Voice Portal
  • Cisco Unified Presence Server/Cisco IM and Presence Service
  • Cisco Unity Connection

Lucian Constantin at PCWorld is also reporting that Cisco has warned users of denial-of-service (DoS) attacks could affect these products:

Via Cisco and PCWorld

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.

Share
Published by
Nathan Miloszewski

Recent Posts

Watch Now: 2024 December VoIP News Update

https://youtu.be/vV0BDOCGiKs?si=jFrelg8-ddbcLhTC In the December VoIP News Update, two exciting developments in the VoIP space were…

3 days ago

Fanvil H5 Hotel Phone Product Feature & How to SIP Register to 3CX | VoIP Supply

https://youtu.be/UHKuBq0Pvuk?si=zS3KlwIkJz2-6vaq At VoIP Supply, we’re always excited to explore new solutions for businesses and industries,…

3 weeks ago

Fanvil X4U IP Phone Product Feature Video & Technical Tutorial

https://youtu.be/Wun3AMh_T08?si=fG3-TgyzrGT2gNIc In our latest video, we dive deep into the Fanvil X4U IP phone. Whether…

4 weeks ago

How to Prepare Your VoIP Systems for 2025

Remember Back to the Future II? I loved that movie because they traveled into the…

1 month ago

SIP Chats: Sharath Abraham of Jabra – Panacast 50, BYOD Solutions, and More!

https://youtu.be/qsNO-fZdY3U?si=1A2biOpTwvHG-wiB In the latest episode of SIP Chats, host Brian Hyrek sits down with Sharath…

1 month ago

Watch Now: 2024 November VoIP News Update

https://youtu.be/a--L6ZF9iAw VoIP Supply’s November VoIP News Update: Exciting New Tools, Upcoming Releases, and Giving Back…

1 month ago