By Sharla Sikes

A recent security risk to Cisco’s IP Phones and Unified Communications Manager was identified and blocked.

On Thursday, Cisco “rushed” security patches to protect its VoIP setup from allowing malware into networks using its at-risk products.

The phones open to the risk were the range of Cisco 7900 Series IP Phones, and some of the flaws may have left the door open to attacks including malicious DNS responses, a bug on the phone’s SSH server and flaws in the handling of MIME on SIP messages.

In layman’s terms: the risks  could range from dropped calls to complete network takeovers.

Another error leaves database information open due to an error in the Web interface that could allow an injection attack.

However, before the screaming panic ensues, right now it’s all a big “if”: No actual attacks have been reported, according to Cisco.

Those using the Cisco products at risk are recommended to update, even though the hack is described as “tricky.” Workarounds are also available but can cause headaches, due to disabling remote management of services. 

Related Content

Subscribe to the post comments feeds or Leave a trackback