<< Previous Next >>
Unified Communications
http://www.cisco.com/warp/public/707/cisco-sa-20090923-sip.shtml
Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The
following table lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on September 23, 2009, or
earlier.
http://www.packetninjas.net/storage/advisories/Zeacom-CVE-2010-0217.txt
Overview:
Information provided from http://www.zeacom.com
"Zeacom is a leading provider of advanced Unified Communications solutions that integrate
real-time communication tools such as presence information, contact routing, conferencing,
chat and speech recognition with conventional tools such as voicemail, email and fax."
During evaluation of a blackbox application assessment routine
application security checks were performed to test the strength of session
Details
=======
Cisco Unified Service Monitor and Cisco Unified Operations Manager
are products from the Cisco Unified Communications Management Suite.
They provides a way to continuously monitor active calls supported by
the Cisco Unified Communications System.
Two vulnerabilities exist in Cisco Unified Service Monitor and Cisco
Unified Operations Manager software that could allow an
nSense Vulnerability Research Security Advisory NSENSE-2010-003
---------------------------------------------------------------
Affected Vendor: Cisco Systems, Inc
Affected Product: Cisco Unified Communications Manager
Platform: All
Impact: Privilege Escalation
Vendor response: Patch. IntelliShield ID 21656
CVE: CVE-2010-3039
Credit: Knud / nSense
This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070808-scp.shtml.
Note: The August 08, 2007 publication includes four Security Advisories
and one Security Response. The advisories all affect IOS, one
additionally affects Cisco Unified Communications Manager as well. Each
advisory lists the releases that correct the vulnerability described in
the advisory, and the advisories also detail the releases that correct
the vulnerabilities in all four advisories. Individual publication
links are listed below:
Recent versions of Cisco IOS Software do not process SIP messages by
default. Creating a dial peer by issuing the command "dial-peer voice"
will start the SIP processes, causing the Cisco IOS device to process
SIP messages. In addition, several features within Cisco Unified
Communications Manager Express, such as ePhones, once configured will
also automatically start the SIP process, which will cause the device
to start processing SIP messages. An example of an affected
configuration follows:
dial-peer voice <Voice dial-peer tag> voip
Details
=======
Cisco Unity Connection is a feature-rich voice messaging platform
that runs on the same Linux-based Cisco Unified Communications
Operating System that is used by Cisco Unified Communications
Manager. Cisco Unity Connection scales to support enterprise
organizations with up to 100,000 users.
Cisco Unity Connection Privilege Escalation Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20080924-l2tp.shtml
Note: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
- Guillaume Prigent (France)
Web Application Firewalls
- Sebastien Gioria (OWASP France)
UC Security (Unified Communications Security)
- Abhijeet Hatekar (Sipera Systems) (India)
SS7
- Philippe Langlois (France)
http://www.cisco.com/warp/public/707/cisco-sa-20110928-smart-install.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
http://www.cisco.com/warp/public/707/cisco-sa-20110928-dlsw.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
http://www.cisco.com/warp/public/707/cisco-sa-20080924-vpn.shtml
NOTE: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ipsec.shtml
Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The
following table lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on September 23, 2009, or
earlier.
http://www.cisco.com/warp/public/707/cisco-sa-20080924-iosfw.shtml
Note: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ntp.shtml
Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The
following table lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on September 23, 2009, or
earlier.
http://www.cisco.com/warp/public/707/cisco-sa-20090923-acl.shtml
Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The
following table lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on September 23, 2009, or
earlier.
http://www.cisco.com/warp/public/707/cisco-sa-20110928-ipsla.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
http://www.cisco.com/warp/public/707/cisco-sa-20110928-c10k.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
http://www.cisco.com/warp/public/707/cisco-sa-20110928-nat.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
http://www.cisco.com/warp/public/707/cisco-sa-20080924-ubr.shtml
NOTE: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS^ software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
http://www.cisco.com/warp/public/707/cisco-sa-20090923-ios-fw.shtml
Note: The September 23, 2009, Cisco IOS Security Advisory bundled
publication includes eleven Security Advisories. Ten of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The
following table lists releases that correct all Cisco IOS Software
vulnerabilities that have been published on September 23, 2009, or
earlier.
traffic while all of the existing VoIP inspection functions for SCCP
and Session Initiation Protocol (SIP) protocols are preserved. Once
voice signaling is decrypted, the plain-text signaling message is
passed to the existing inspection engines. The security appliance
accomplishes this by acting as a TLS proxy between the IP phone and
Cisco Unified CallManager and Cisco Unified Communications Manager,
which implies that TLS sessions are terminating on the security
appliance. This is done over TCP ports 2443 and 5061.
To determine whether the Cisco PIX or Cisco ASA security appliance is
configured to support inspection of encrypted voice, log in to the
=======
Cisco Unified Presence collects information about a user's
availability status and communications capabilities. Using
information captured by Cisco Unified Presence, applications such as
Cisco Unified Personal Communicator and Cisco Unified Communications
Manager can improve productivity by helping users connect with
colleagues more efficiently by determining the most effective means
for collaborative communication.
The Presence Engine service of Cisco Unified Presence version 1.0
the Cisco Security Manager are examples of a standalone implementation.
Standalone agents are installed in the following Cisco IP Communications
products:
* Cisco Unified Communications Manager (CallManager)
* Cisco Conference Connection (CCC)
* Emergency Responder
* IPCC Express
* IPCC Enterprise
* IPCC Hosted
http://www.cisco.com/warp/public/707/cisco-sa-20080924-multicast.shtml
Note: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
http://www.cisco.com/warp/public/707/cisco-sa-20110928-zbfw.shtml.
Note: The September 28, 2011, Cisco IOS Software Security Advisory
bundled publication includes ten Cisco Security Advisories. Nine of the
advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses a vulnerability in Cisco Unified Communications
Manager. Each advisory lists the Cisco IOS Software releases that
correct the vulnerability or vulnerabilities detailed in the advisory as
well as the Cisco IOS Software releases that correct all vulnerabilities
in the September 2011 Bundled Publication.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Unified Communications Web-based
Management Vulnerability
Document ID: 97836
Advisory ID: cisco-sa-20071017-IPCC
http://www.cisco.com/warp/public/707/cisco-sa-20100922-nat.shtml
Note: The September 22, 2010, Cisco IOS Software Security Advisory
bundled publication includes six Cisco Security Advisories. Five of
the advisories address vulnerabilities in Cisco IOS Software, and one
advisory addresses vulnerabilities in Cisco Unified Communications
Manager. Each advisory lists the releases that correct the
vulnerability or vulnerabilities detailed in the advisory. The table
at the following URL lists releases that correct all Cisco IOS
Software vulnerabilities that have been published on September 22,
2010, or earlier:
http://www.cisco.com/warp/public/707/cisco-sa-20080924-ssl.shtml
Note: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
http://www.cisco.com/warp/public/707/cisco-sa-20080924-sccp.shtml
Note: The September 24, 2008 IOS Advisory bundled publication
includes twelve Security Advisories. Eleven of the advisories address
vulnerabilities in Cisco's IOS software, and one advisory addresses
vulnerabilities in Cisco Unified Communications Manager. Each
Advisory lists the releases that correct the vulnerability described
in the Advisory. Please reference the following software table to
find a release that fixes all published IOS software Advisories as of
September 24th, 2008:
<<Previous Next>>
|
