Disaster recovery bug hangs up Cisco comms kit
Failover falls over
SaaS data loss: The problem you didn’t know you had
There's trouble with the Disaster Recovery Framework (DRF) Master component in a number of unified communications products from Cisco.
The flaw, which the networking giant patched late last week, enables hackers to compromise vulnerable systems. Cisco Emergency Responder, Cisco Unified Communications Manager versions 5 and 6, and Cisco Unified Presence 6.x are affected.
Failure to properly authentic requests by the DRF component means miscreants might be able to execute arbitrary commands on affected systems. Denial of service attacks are also a possibility.
Cisco's advisory can be found here.
The network giant credits VoIPshield Systems with discovering the vulnerability. VoIPshield, which markets VoIP security application products, created a splash last week with claims that it had unearthed previously-undiscovered vulnerabilities and exploits associated with products from Cisco, Nortel, Avaya, and other leading vendors in the area.
It claims its knowledge of these bugs gives it the edge in protecting its clients' IP telephony systems from hacking attacks using a product called VoIPguard, which it describes as an intrusion prevention system for IP telephony systems. ®
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
