session initiation protocol

Hackers Push Sipvicious VoIP Tools In Malicious Attacks

Researchers at NSS Labs claim that they’ve spotted attacks that use Sipvicious, a common auditing tool for Voice over IP (VoIP) networks as part of malicious attacks aimed at taking control of vulnerable VoIP servers. The attacks are apparently aimed at taking control of VoIP servers to place unauthorized calls. 

Vulnerabilities in Cisco’s Unified Communications Manager

Cisco published an advisory report yesterday detailing multiple vulnerabilities in there Unified Communications Manager.

There are three denial of service vulnerabilities that affect session initiation protocol services, two SQL injection vulnerabilities, and a directory transversal vulnerability.

These bugs affect versions 6-8 of Cisco’s Unified Communications Manager.

The DoS bugs are triggered by a malformed SIP message that could cause a critical process to fail, resulting in the failure of voice services.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.