The San Jose-based networking equipment giant said its CallManager software is vulnerable to DoS attacks and privilege escalation, according to separate company advisories issued Wednesday.
In the first case, the product does not properly manage TCP connections and Windows messages, leaving some ports vulnerable to DoS attacks, according to the company.
Successful malware authors could knock out the service, leading to telephones either not responding or withdrawing their registration from CallManager, Cisco said.
In the other vulnerability, users with limited, read-only access to the device can assume full administrative powers, allowing them to alter data and reset the device, the company said.
Cisco said free software to fix the flaws is available on its website. The company also recommended a temporary solution for the access vulnerability by only using the "no access" or "full access" privileges instead of the "read-only" privilege.
Cisco said it was not aware of any malicious attempts to compromise systems.