Cisco Patches Call Manager
Cisco's Call Manager software, the heart of its VoIP infrastructure, has been found vulnerable to a flaw that could lead to a denial of service (DoS) or to a complete compromise that could allow malicious users to listen in on or reroute calls.
Security firm Internet Security Systems (ISS) has reported that a flaw in Cisco's Call Manager platform could cause a denial of service or complete compromise of the software.
Call Manager is the software-based call processing component of Cisco's Voice Over IP (VoIP) infrastructure. According to ISS, compromise of Call Manager could allow an attacker "to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products. No authentication is required for an attacker to leverage this vulnerability to compromise a network."
For its part, Cisco has said that it provided patches for the vulnerability several days before ISS published its advisory, and that no exploits for the flaw have been found in the wild. Both Cisco and ISS have published detailed reports on how to deal with the vulnerability.