View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

How Cisco’s unified communications system is at risk from hackers

The vulnerability is said to be present in all versions of Cisco’s Unified CDM.

By

Cisco has warned that its software, which organisations use to manage voice over IP (VoIP) calls and messaging over their networks, is at risk from being controlled by hackers.

The networking firm, which recently uncovered spearphishing malware in Microsoft Word, said attackers could gain administrative access to its Unified Communications Domain Manager (Unified CDM) software by exploiting a default SSH private key.

"An attacker could exploit this vulnerability by obtaining the SSH private key," Cisco warned in an advisory.

"For example, the attacker might reverse engineer the binary file of the operating system. This will allow the attacker to connect by using the support account to the system without requiring any form of authentication.

"An exploit could allow the attacker to gain access to the system with the privileges of the root user."

Cisco’s Unified CDM is a service delivery and management platform that provides automation and administrative functions over the Cisco UC Manager, Cisco Unity Connection and Cisco Jabber applications, as well as the associated phones and soft clients.

Content from our partners
European Technology Leadership: Deutsche Bank CTO Gordon Mackechnie
Print’s role in driving the environmental agenda
What finance leaders get wrong about digital transformation

Cisco said that another flaw allowed unauthenticated remote attackers to gain administrative control by tricking a valid administrator to click on web links, while a data manipulation exploit could allow an attacker to remotely tamper with user account settings, including personal phone directories and settings.

The company added that it has released free security updates to address the Unified CDM Privilege Escalation Vulnerability and Default SSH Key Vulnerability.

 

Websites in our network
NEWSLETTER Sign up Tick the boxes of the newsletters you would like to receive. Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
I consent to New Statesman Media Group collecting my details provided via this form in accordance with the Privacy Policy
SUBSCRIBED

THANK YOU