VoIP Security Alert
Internet Security Systems today announced it has provided protection for flaws the company discovered in VoIP technology offered by Cisco.
The most recent VoIP security flaws discovered by ISS’ X-Force(R) team lie in Cisco’s Call Manager, an essential component to the functioning of any Cisco VoIP deployment, performing tasks such as call signalling and call routing. By exploiting these vulnerabilities, an attacker is able to trigger a heap overflow within a critical Call Manager process, causing both a denial of service condition and enabling an attacker to completely compromise the Call Manager server. This could allow the attacker to redirect calls or eavesdrop, as well as gain unauthorized access to networks and machines running Cisco VoIP products. Compromise of VoIP networks and machines may lead to exposure of confidential information, loss of productivity and further network compromise.
The full ISS X-Force advisory on these flaws can be found here.
Recent Entries
- Scientists warn that Skype is an ideal vehicle for hackers
- Netgear WiFi phone - for Skype!
- Windows Live Messenger Phone
- Uniden and 8×8 Introduce New Generation of Co-Branded VoIP Products
- Jawbone information
- ZyXEL VoIP WiFi phone
- VoIP Security
- Sennheiser Introduces Two VoIP Headsets
- Verizon VoiceWing
- Skype headphones and microphones