Cisco Issues Critical Patches
The communications equipment manufacturer has issued two critical patches for its widely used IP telephony software, which contained flaws that make a system vulnerable to DoS attacks. The discovery was made by an IBM ISS X-Force security team while testing Cisco's Unified Communications Manager (formerly CallManager) for security flaws. The team also reported that, although the weakness was critical, no public exploits had been made for it, which allows prompt patching of the system. The software is more akin to telephones than to computers, which may have resulted in the flaws getting through testing without anybody noticing. The flaws allowed DoS-type attacks and even remote code execution that could compromise a system. There was also an error in the trust list provider certificate that could have allowed attacks to get through.