
How Cisco’s unified communications system is at risk from hackers

The vulnerability is said to be present in all versions of Cisco’s Unified CDM.

By Amy-Jo Crowley

Cisco has warned that its software, which organisations use to manage voice over IP (VoIP) calls and messaging over their networks, is at risk of being taken over by hackers.

The networking firm, which recently uncovered spearphishing malware in Microsoft Word, said attackers could gain administrative access to its Unified Communications Domain Manager (Unified CDM) software by exploiting a default SSH private key.

"An attacker could exploit this vulnerability by obtaining the SSH private key," Cisco warned in an advisory.

"For example, the attacker might reverse engineer the binary file of the operating system. This will allow the attacker to connect by using the support account to the system without requiring any form of authentication.

"An exploit could allow the attacker to gain access to the system with the privileges of the root user."

Cisco’s Unified CDM is a service delivery and management platform that provides automation and administrative functions over the Cisco UC Manager, Cisco Unity Connection and Cisco Jabber applications, as well as the associated phones and soft clients.


Cisco said that another flaw allowed unauthenticated remote attackers to gain administrative control by tricking a valid administrator into clicking on web links, while a data manipulation exploit could allow an attacker to remotely tamper with user account settings, including personal phone directories and settings.

The company added that it has released free security updates to address the Unified CDM Privilege Escalation Vulnerability and Default SSH Key Vulnerability.
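A default key shipped in every installation shows up as the same public-key fingerprint in the authorized_keys files of unrelated hosts. The following is an added example, not code from Cisco's advisory or this article: it fingerprints the keys in each file and reports any key that is on a known-default list or trusted by more than one host. The host names and key blobs are constructed placeholders, and `known_default` is left empty because the article does not give the key's fingerprint.

```python
import base64
import binascii
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_fingerprints(authorized_keys_text):
    """Return the set of fingerprints found in one authorized_keys file."""
    found = set()
    for line in authorized_keys_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as from="..." may precede the key type, so search for it.
        for i, field in enumerate(fields[:-1]):
            if field.startswith(KEY_TYPES):
                try:
                    found.add(fingerprint(fields[i + 1]))
                except (binascii.Error, ValueError):
                    pass  # malformed blob: not a usable key
                break
    return found

def audit(hosts, known_default=frozenset()):
    """Map fingerprint -> hosts for keys that are known defaults or on 2+ hosts."""
    seen = defaultdict(set)
    for host, text in hosts.items():
        for fp in key_fingerprints(text):
            seen[fp].add(host)
    return {fp: sorted(h) for fp, h in seen.items()
            if fp in known_default or len(h) > 1}

# Constructed sample data: the blobs are placeholders, not real SSH keys.
SHARED = base64.b64encode(b"constructed-vendor-support-key").decode()
UNIQUE = base64.b64encode(b"constructed-admin-key").decode()
HOSTS = {
    "cdm-a": f"# support\nssh-rsa {SHARED} support@vendor\nssh-ed25519 {UNIQUE} admin@a\n",
    "cdm-b": f'from="10.0.0.0/8" ssh-rsa {SHARED} support@vendor\n',
    "cdm-c": "ssh-rsa not*base64 broken\n",
}

if __name__ == "__main__":
    for fp, hosts in audit(HOSTS).items():
        print(fp, "->", ", ".join(hosts))
```

A key reported on several hosts is not always a vendor default (an administrator may deploy one key fleet-wide on purpose), so each hit needs a check against who holds the matching private key.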

