How Cisco’s unified communications system is at risk from hackers

Malware

by Amy-jo Crowley| 03 July 2014

The vulnerability is said to be present in all versions of Cisco’s Unified CDM.

Cisco has warned that its software, which organisations use to manage voice over IP (VoIP) calls and messaging over their networks, is at risk from being controlled by hackers.

The networking firm, which recently uncovered spearphishing malware in Microsoft Word, said attackers could gain administrative access to its Unified Communications Domain Manager (Unified CDM) software by exploiting a default SSH private key.

"An attacker could exploit this vulnerability by obtaining the SSH private key," Cisco warned in an advisory.

"For example, the attacker might reverse engineer the binary file of the operating system. This will allow the attacker to connect by using the support account to the system without requiring any form of authentication.

"An exploit could allow the attacker to gain access to the system with the privileges of the root user."

Cisco's Unified CDM is a service delivery and management platform that provides automation and administrative functions over the Cisco UC Manager, Cisco Unity Connection and Cisco Jabber applications, as well as the associated phones and soft clients.

Cisco said that another flaw allowed unauthenticated remote attackers to gain administrative control by tricking a valid administrator to click on web links, while a data manipulation exploit could allow an attacker to remotely tamper with user account settings, including personal phone directories and settings.

The company added that it has released free security updates to address the Unified CDM Privilege Escalation Vulnerability and Default SSH Key Vulnerability.

 

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

755 people like this.
0 people follow this.

Malware Intelligence

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.