Categories: Announcements

Security Issues Addressed for Cisco Unified Communications Manager

Cisco has announced that certain versions of Cisco Unified Communications Manager (Cisco Unified CM) are vulnerable to remote hacker attacks such as

  • Blind Structured Query Language (SQL) injection
  • Command injection
  • Privilege escalation

Temporary Fix

Cisco explains how they found out about the problem through independent researchers:

On June 6, 2013, a French security firm, Lexfo, delivered a public presentation on VoIP security that included a demonstration of multiple vulnerabilities used to compromise Cisco Unified CM. During the presentation, the researchers demonstrated a multistaged attack that chained a number of vulnerabilities, which resulted in a complete compromise of the Cisco Unified CM server. 

A Cisco Options Package (COP) file has been released as a temporary fix to shore up the weaknesses and can be found on the Cisco download page. Look for the file named:

  • cmterm-CSCuh01051-2.cop.sgn

Vulnerable Products

These versions of Cisco Unified CM are known to be vulnerable:

  • Cisco Unified Communications Manager 7.1(x)
  • Cisco Unified Communications Manager 8.5(x)
  • Cisco Unified Communications Manager 8.6(x)
  • Cisco Unified Communications Manager 9.0(x)
  • Cisco Unified Communications Manager 9.1(x)

These additional Cisco products might be vulnerable to the same products but, they haven’t been confirmed yet:

  • Cisco Emergency Responder
  • Cisco Unified Contact Center Express
  • Cisco Unified Customer Voice Portal
  • Cisco Unified Presence Server/Cisco IM and Presence Service
  • Cisco Unity Connection

Lucian Constantin at PCWorld is also reporting that Cisco has warned users of denial-of-service (DoS) attacks could affect these products:

Via Cisco and PCWorld

Nathan Miloszewski

Nate is VoIP Supply's former Content Marketing Manager.

Share
Published by
Nathan Miloszewski

Recent Posts

Combined Strength: UC Solutions for Easy Selling | Webinar May 2025

https://youtu.be/hDzakM8YGGI Knowing about UC Solutions and how to sell them can lead to added success…

2 weeks ago

Did You Know: Emergency Communication with VoIP Is Revolutionizing Public Safety?

Did you know the first 9-1-1 call dates back to 1968 in Alabama? AT&T introduced…

2 weeks ago

Watch Now: 2025 May VoIP News Update

https://youtu.be/ibAll_fVU4g?si=9O6QVec9cL6YjtDE Your May VoIP News Update is here! In this month's episode, we cover a…

2 weeks ago

Fanvil V62W Wi-Fi IP Phone Product Feature Video and How to Register with Sangoma PBXact

https://youtu.be/KrdtAr7TDHI?si=Te6zARkJkDZKoW9R If you haven't seen the Fanvil V62W Wi-Fi IP Phone, you may want to…

3 weeks ago

Did You Know: You Can Custom Design Your Ideal Meeting Space With New Tools?

You want to optimize your meeting space or conference room to ensure every remote or…

1 month ago

How to Create and Submit an RMA 2025

https://youtu.be/58HX8VIljrY?si=v4-BBtOhIiDujgch In the fast-paced world of Telecommunications, things can happen, and sometimes those things require…

1 month ago