Attackers Could Eavesdrop On Cisco-Routed VoIP Calls?
Flaws in Cisco's voice-over-Internet (VoIP) software could allow an attacker to bring down the alternative-to-traditional-telephone service, or access the server that initiates and routes Web-based calls, an Atlanta-based security firm said.
According to alerts posted online by Internet Security Systems' (ISS) X-Force research team, Cisco's CallManager sports a pair of bugs that could be "reliably exploited" by hackers. The potential result: at best a denial-of-service style crash, at worst, a situation where the attacker could redirect calls at will or even eavesdrop on conversations.
By sending specially-crafted packets to Cisco CallManager, an attacker could create a heap overflow and crash the system or gain access. ISS said that an exploit wouldn't need any help from a user, pushing the threat into a more dangerous category.
posted by Fergie @ 7/14/2005 11:48:00 AM
0 Comments:
Post a Comment
<< Home