Cisco Systems Inc has issued a warning of newly discovered vulnerabilities in its Unified Contact Center products,...
and the operating system running much of its networking equipment.
A Data-LinkSwitching (DLSw) feature in the Cisco IOS could permit a Denial of Service (DoS) attack using an invalid value in a DLSw exchange message that can crash an IOS device.
Exploiting the flaw would require an attacker to establish a DLSw connection to the device and launch the exploit using ports TCP/2065 and TCP/2067.
The company has published a list of software that is either vulnerable, unaffected or already fixed. The best way to control the attacks, it said, is using the existing Infrastructure Protection Access Control Lists (iACLs), Transit Access Control Lists (tACLs), or Control Plane Policing feature.
The Unified Contact Center -- which provides routing and call-control for Cisco's combined voice and data networking products -- contains a vulnerability that would allow an attacker to restart a JTapi Gateway, which could delay traffic for several minutes.
Exploiting the flaw requires attackers to complete a three-way TCP handshake to the JTapi server port.
There is no workaround or patch for the flaw yet, but Cisco recommends structuring access control lists to protect the vulnerable devices.