Cisco Security Advisory: Cisco Unified Communications Manager and Presence Server Unauthorized Access Vulnerabilities

CiscoのCallManagerと Cisco Unified Presence Server に2つの脆弱性が存在して認証を受けなくてもAdministrator権限でサービスのON・OFFができ、SNMP設定情報にアクセスできるそうです。(SNMPコミュニティ名もみれちゃうそうです)

Cisco Unified Communications Manager (CUCM), formerly CallManager,
and Cisco Unified Presence Server (CUPS) contain two vulnerabilities
that could allow an unauthorized administrator to activate and
terminate CUCM / CUPS system services and access SNMP configuration
information. This may respectively result in a denial of service
(DoS) condition affecting CUCM/CUPS cluster systems and the
disclosure of sensitive SNMP details, including community strings.

There are no workarounds for these vulnerabilities.

Cisco has made free software available to address these
vulnerabilities for affected customers.

This advisory is posted at
http://www.cisco.com/warp/public/707/cisco-sa-20070711-voip.shtml