Security firm Internet Security Systems (ISS) has reported that a flaw in Cisco’s Call Manager platform could cause a denial of service or complete compromise of the software.
Call Manager is the software-based call processing component of Cisco’s Voice Over IP (VoIP) infrastructure. According to ISS, compromise of Call Manager could allow an attacker “to redirect calls or perform eavesdropping as a result of this compromise. Successful exploitation of this vulnerability could be used to gain unauthorized access to networks and machines with Cisco VoIP products. No authentication is required for an attacker to leverage this vulnerability to compromise a network.”
For its part, Cisco has said that it provided patches for the vulnerability several days before ISS published its advisory, and that no exploits for the flaw have been found in the wild. Both Cisco and ISS have published detailed reports on how to deal with the vulnerability.