Cisco is warning administrators about a pair of new vulnerabilities in the Unified Communications Manager.
The company said that, if exploited, the flaws could allow an attacker to launch a denial-of-service attack against the tool, which is used to manage enterprise telephony and communication services. Such an attack could bring down voice services and require the system to be restarted.
An attacker could carry out the exploit by flooding a certain port on the Unified Communications Manager with TCP information packets, causing the system to reject new connection requests and rendering telephony systems useless.
Cisco said that the flaw affects Unified Communications Manager editions 4, 5, 6 and 7. The Express edition of the software is not believed to be vulnerable to the attack.
The company has released patches for the 6.x and 7.x versions of the tool. A fix for version 5.x is scheduled to be released in early September. Administrators are advised to install the free updates to prevent attacks.
The risk of attack can also be mitigated by filtering access to the vulnerable TCP ports 2000 and 2443 as well as UDP ports 5060 and 5061.
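Before applying such a filter, it helps to see which current sources it would cut off. The following is an added example, not Cisco's code: it replays flow records against the four protocol/port pairs named above and reports flows from outside a trusted set. The trusted networks, the record format and the sample flows are all constructed assumptions.

```python
import ipaddress
from collections import Counter

# Protocol/port pairs the article says should have filtered access.
FILTERED = {("tcp", 2000), ("tcp", 2443), ("udp", 5060), ("udp", 5061)}

# Assumption: networks allowed to reach the server (constructed placeholders).
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/16", "10.30.5.0/24")]

# Constructed sample flow records, one per line: "src proto dst_port".
SAMPLE_FLOWS = """\
10.20.4.17 tcp 2000
10.20.4.17 udp 5060
198.51.100.23 tcp 2000
198.51.100.23 tcp 2000
203.0.113.9 udp 5061
10.30.5.40 tcp 2443
10.99.1.1 tcp 8443
"""

def is_trusted(src):
    """True if the source address falls inside any trusted network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED)

def would_block(src, proto, port):
    """True if the filter would drop this flow: listed port, untrusted source."""
    return (proto.lower(), int(port)) in FILTERED and not is_trusted(src)

def audit(flows_text):
    """Count flows the filter would drop, keyed by (src, proto, port)."""
    blocked = Counter()
    for line in flows_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed records
        src, proto, port = parts
        try:
            if would_block(src, proto, port):
                blocked[(src, proto.lower(), int(port))] += 1
        except ValueError:
            continue  # unparsable address or port
    return blocked

if __name__ == "__main__":
    for (src, proto, port), n in sorted(audit(SAMPLE_FLOWS).items()):
        print(f"{src} -> {proto}/{port}: {n} flow(s) would be dropped")
```

Sources that appear in the output but belong to legitimate phones or gateways should be added to the trusted set before the filter goes live.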