Cisco warns of flaws in IOS and Unified Communications

Gaps could allow denial-of-service (DoS) attacks; no patch is available yet, but access controls can limit exposure.

This Content Component encountered an error

Cisco Systems Inc has issued a warning of newly discovered vulnerabilities in its Unified Contact Center products, and the operating system running much of its networking equipment.

A Data-LinkSwitching (DLSw) feature in the Cisco IOS could permit a Denial of Service (DoS) attack using an invalid value in a DLSw exchange message that can crash an IOS device.

Exploiting the flaw would require an attacker to establish a DLSw connection to the device and launch the exploit using ports TCP/2065 and TCP/2067.

The company has published a list of software that is either vulnerable, unaffected or already fixed. The best way to control the attacks, it said, is using the existing Infrastructure Protection Access Control Lists (iACLs), Transit Access Control Lists (tACLs), or Control Plane Policing feature.

The Unified Contact Center -- which provides routing and call-control for Cisco's combined voice and data networking products -- contains a vulnerability that would allow an attacker to restart a JTapi Gateway, which could delay traffic for several minutes.

Exploiting the flaw requires attackers to complete a three-way TCP handshake to the JTapi server port.

There is no workaround or patch for the flaw yet, but Cisco recommends structuring access control lists to protect the vulnerable devices.

Dig deeper on Threat management and prevention

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close