Cisco warns of flaws in IOS and Unified Communications

Kevin Fogarty, News Director

Cisco Systems Inc has issued a warning of newly discovered vulnerabilities in its Unified Contact Center products, and the operating system running much of its networking equipment.

A Data-LinkSwitching (DLSw) feature in the Cisco IOS could permit a Denial of Service (DoS) attack

    Requires Free Membership to View

using an invalid value in a DLSw exchange message that can crash an IOS device.

Exploiting the flaw would require an attacker to establish a DLSw connection to the device and launch the exploit using ports TCP/2065 and TCP/2067.

The company has published a list of software that is either vulnerable, unaffected or already fixed. The best way to control the attacks, it said, is using the existing Infrastructure Protection Access Control Lists (iACLs), Transit Access Control Lists (tACLs), or Control Plane Policing feature.

The Unified Contact Center -- which provides routing and call-control for Cisco's combined voice and data networking products -- contains a vulnerability that would allow an attacker to restart a JTapi Gateway, which could delay traffic for several minutes.

Exploiting the flaw requires attackers to complete a three-way TCP handshake to the JTapi server port.

There is no workaround or patch for the flaw yet, but Cisco recommends structuring access control lists to protect the vulnerable devices.

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: