VoIP Central

The Unified CallManager 5.0, software handles call processing for Cisco VoIP solutions, which has two faults in its command line management interface.



The two vulnerabilities are:



1. Unified CallManager 5.0 software

2. Web-based interface to configure Cisco routers





Cisco has now upgraded the Unified CallManager 5.0 software. It supports session initiation protocol and includes buffer overflow vulnerability. So that attackers can exploit by placing hostnames into SIP requests with malicious code making the way for code execution and denial of service attacks.



Cisco has also opened a vulnerability, which affects the Cisco Router Web Setup tool, and is used to configure routers. This error is centered on the failure of applications properly to authenticate remote web based users and it will allow an attacker to gain elevated administration privileges.



Cisco has also released software fixes, which address the issue, and affects CRWS for Cisco SOHO and Cisco 800 series routers with version prior to 3.3.0 build 31.



Via: CRN27480