Disaster recovery bug hangs up Cisco comms kit
PrintFailover falls over
Posted in Data Networking, 7th April 2008 11:08 GMT
Free whitepaper – Cooling strategies for ultra-high density racks and blade servers
There's trouble with the Disaster Recovery Framework (DRF) Master component in a number of unified communications products from Cisco.
The flaw, which the networking giant patched late last week, enables hackers to compromise vulnerable systems. Cisco Emergency Responder, Cisco Unified Communications Manager versions 5 and 6, and Cisco Unified Presence 6.x are affected.
Failure to properly authentic requests by the DRF component means miscreants might be able to execute arbitrary commands on affected systems. Denial of service attacks are also a possibility.
Cisco's advisory can be found here.
The network giant credits VoIPshield Systems with discovering the vulnerability. VoIPshield, which markets VoIP security application products, created a splash last week with claims that it had unearthed previously-undiscovered vulnerabilities and exploits associated with products from Cisco, Nortel, Avaya, and other leading vendors in the area.
It claims its knowledge of these bugs gives it the edge in protecting its clients' IP telephony systems from hacking attacks using a product called VoIPguard, which it describes as an intrusion prevention system for IP telephony systems. ®
Free whitepaper – Reliability analysis of the APC Symmetra MW Power System
What Exchange can't do - and Dell can
Expert Roundtable: The Register Agile Data Center Summit
Dell PowerEdge R710 solution with VMware ESX vs. Dell PowerEdge 2850 solution
Seven ways to lower storage costs
The top 5 server monitoring battles
Apple sues over knock-off power bricks
US Air Force orders 2200 Sony PS3s
Xiotech definitely not using SSDs in near future
HP takes one in the servers