Vulnerabilities in Cisco’s Unified Communications Manager
Cisco published an advisory report yesterday detailing multiple vulnerabilities in there Unified Communications Manager.
There are three denial of service vulnerabilities that affect session initiation protocol services, two SQL injection vulnerabilities, and a directory transversal vulnerability.
These bugs affect versions 6-8 of Cisco’s Unified Communications Manager.
The DoS bugs are triggered by a malformed SIP message that could cause a critical process to fail, resulting in the failure of voice services.