Disaster recovery bug hangs up Cisco comms kit
Failover falls over
Posted in Data Networking, 7th April 2008 11:08 GMT
Free whitepaper – Data center projects: growth model
There's trouble with the Disaster Recovery Framework (DRF) Master component in a number of unified communications products from Cisco.
The flaw, which the networking giant patched late last week, enables hackers to compromise vulnerable systems. Cisco Emergency Responder, Cisco Unified Communications Manager versions 5 and 6, and Cisco Unified Presence 6.x are affected.
Failure to properly authentic requests by the DRF component means miscreants might be able to execute arbitrary commands on affected systems. Denial of service attacks are also a possibility.
Cisco's advisory can be found here.
The network giant credits VoIPshield Systems with discovering the vulnerability. VoIPshield, which markets VoIP security application products, created a splash last week with claims that it had unearthed previously-undiscovered vulnerabilities and exploits associated with products from Cisco, Nortel, Avaya, and other leading vendors in the area.
It claims its knowledge of these bugs gives it the edge in protecting its clients' IP telephony systems from hacking attacks using a product called VoIPguard, which it describes as an intrusion prevention system for IP telephony systems. ®
Free whitepaper – Implementing energy efficient data centers


The future of SaaS and IT infrastructure management
Modular Services - Can Dell Deliver?
The mandate for application security
Extended Validation SSL Certificates
Avoiding 7 common mistakes of IT security compliance

Micron move heralds Intel 320GB SSD
Steve Jobs finds part-time work
Seagate shines under Luczo's law
HP whips out blades for future