vulnerability

Cisco Patches CUCM Security Flaw

Cisco is preparing to launch the next release of their Cisco Unified Communications Manager (CUCM) product - CUCM 7.0. But, last week they released an update for the current CUCM release. Actually, they released a total of 12 security updates or patches, but 11 of them deal with Cisco’s IOS and only 1 of them is related to CUCM.

The CUCM threats have been rated by Secunia as ‘moderately critical’. Vulnerable systems may be exposed to denial-of-service (DoS) attacks from a successful exploit. You can get more information from the Cisco Security Advisory and download the appropriate updates directly from Cisco.

UC a Ticking Time Bomb?

Security is generally an afterthought in I.T.. It gets a fair amount of press, especially when there are legal and industry compliance requirements. But, when a new technology gets hot it seems like everyone jumps on the bandwagon and starts implementing it and nobody stops to consider the security implications until much later- often after the first big victim makes headlines and perhaps not until the legal and industry compliance mandates catch up and require some level of security. According to a report from TechWeb’s LightReading.com, security looms as a serious issue for many UC implementations. This brief report suggests that one of the problems is that the UC technology has the security functions available, but they are not implemented or properly utilized by the users.

Cisco Unified Communications Vulnerability

Security vulnerability research firm Secunia reports “A vulnerability and a security issue have been reported in Cisco Unified Communications Manager, which can be exploited by malicious people to bypass certain security restrictions or to cause a DoS (Denial of Service).” The vulnerability is only rated as Less Critical by Secunia, so it is not an urgent issue, but users of Cisco Unified Communications Manager should be aware and investigate the availability of patches or updates to address the problem.