Cisco patches its VoIP against flaw

By Derek Sooman on January 26, 2005, 1:23 PM
Cisco has identified and patched security problems in their VoIP IP telephony system. The move is in response to the discovery of potential exploits that can allow hackers to mount denial of service attacks - in theory, at least.

The vulnerability affects versions of Cisco's core Internetwork Operating System (IOS) software configured for the Cisco IOS Telephony Service (ITS), Cisco CallManager Express (CME) or Survivable Remote Site Telephony (SRST) services. By sending malformed control messages a cracker could cause devices such as VoIP routers running the vulnerable software to reload. The trick could be exploited repeatedly to create a Denial of Service (DoS) attack against targeted networks.

Cisco has an advisory here which fully discusses the problem, along with free software upgrades, and with advice on suggested workarounds.




Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.