Glitch found in Cisco VoIP could crash phone service

A glitch in Cisco Systems Inc.’s IP PBX software could leave an enterprise’s Cisco-based voice-over-IP system open to a denial-of-service attack, according to a notice issued this week by Bugtraq, a security alert mailing list.

The notice says a failed system logon to a Cisco CallManager by someone using the system’s call dispatching application could cause the server to reboot if the system is not properly configured.

Users trying to access the WebAttendant application – used by employees such as administrative assistants who accept and dispatch calls to other workers – could crash CallManager if the WebAttendant or Computer Telephony Integration Framework (CTIFW) user is not correctly configured. This vulnerability could be used to intentionally crash phone service at a CallManager site, the notice indicates.

The problem affects CallManager 3.1 only. Cisco is offering a software patch to solve the problem. The memory leak error can also be fixed by configuring the CTIFW user.

“This behavior is most commonly seen on CallManager systems immediately following the integration with a customer directory such as Active Directory or Netscape,” according to the notice, and Cisco’s Web site.

More information on the software fix, and the workaround can be found here.

CallManager is the application at the heart of Cisco’s IP voice system, doing in software what a traditional circuit-switched PBX does in hardware. CallManager is Windows-based and is installed on the company’s Media Convergence Server and Integrated Communication System hardware platforms, and can also run on Intel servers from Compaq and IBM.

CallManager is part of Cisco’s Architecture for Voice, Video and Integrated Data product line. Cisco is the market leader in enterprise IP telephony servers and handsets according to research firms Cahners In-State and The Phillips Group. Avaya, Nortel, 3Com, Alcatel, Mitel and Siemens compete with Cisco in the enterprise VoIP market.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now