Feeds

Cisco patches VoIP vuln

IoS update wards off hackers

  • alert
  • submit to reddit

Security for virtualized datacentres

Cisco is advising users of its IP telephony to update their software following the discovery of a flaw that might allow hackers to mount denial of service attacks.

The vulnerability affects versions of Cisco's core Internetwork Operating System (IOS) software configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) services. By sending malformed control messages a cracker could cause devices such as VoIP routers running the vulnerable software to reload. The trick could be exploited repeatedly to create a Denial of Service (DoS) attack against targeted networks.

Cisco has updated affected versions of its software (12.1YD, 12.2T, 12.3 and 12.3T) to block the exploit. Links to these free software upgrades, along with advice on suggested workarounds, can be found in Cisco's advisory. Cisco said it isn't aware of reports of malicious exploitation of the vulnerability.

The vulnerability was originally reported to Cisco by penetration testing firm SecureTest, whose previous research on IP telephony vulnerabilities has been hotly disputed by the networking vendor. ®

Related stories

Cisco VoIP kit open to 'snooping attacks'
Cisco dismisses VoIP snooping concerns
Cisco adds scrambler to IP telephony
Cisco fixes 'decoy attack' in security software

Beginner's guide to SSL certificates

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.