Cisco has warned of three flaws in its unified communications services that could allow a remote attacker to gain complete administrative control of a system and access and modify personal user information.
The vulnerabilities impact both the platform and application software for the Cisco Unified Communications Domain Manager (Unified CDM), which controls and manages unified communication deployments as well as associated phones and clients.
The most serious bug affects the platform software, with Cisco warning that, if exploited, it could “allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.”
Cisco has advised customers to download a software update that corrects the flaw. It has also released a patch for a separate vulnerability affecting the Unified CDM application software, which could allow a remote attacker to elevate their privileges and gain administrative access to an affected system through the use of a malicious link.
The problem has been attributed to the improper implementation of authentication and authorisation controls of the administration GUI.
Cisco says the same problem is the cause of another flaw relating to the application software that could allow an unauthorised user to access and change settings relating to phone directories, speed dials, single number reach and call forwarding. However, there is no update as yet for this particular vulnerability.