7/18/2005 -- Cisco Systems Inc. last week warned of flaws in its Cisco CallManager (CCM) IP telephony software that, if exploited by unscrupulous hackers, could result in several different denial-of-service (DoS) attacks.

In a worst-case scenario, attackers who successfully exploit the vulnerability could execute arbitrary code on compromised CCM systems

CCM is the Windows-based call-processing component of Cisco’s IP telephony stack. Cisco confirmed that CCM versions 3.3 and earlier, 4.0, and 4.1 are vulnerable to DoS attacks, memory leaks, and memory corruption.

Cisco warned of several vulnerabilities, including (1) a resource leak in CCM’s Realtime Information Server Data Collection (RISDC) component that could cause that service to hang; (2) a memory allocation vulnerability in Cisco CallManager CTI; (3) another memory-allocation vulnerability whereby CCM improperly allocates memory to the CCM.EXE process; (4) a memory leak resulting from failed logins when Multi-Level Admin is enabled; (5) and a potential memory allocation and buffer overflow vulnerability in CCM’s AUPAIR.EXE service (known as Cisco Database Layer Monitor in the Windows Task Monitor) that could cause DoS or arbitrary code execution.

An attacker can exploit the first four vulnerabilities to cause CCM to stop responding or (once resources are exhausted) reboot the system; in the most serious case, an attacker could exploit the AUPAIR.EXE vulnerability to execute arbitrary code on a Windows CCM host or gain access to confidential information such as Cisco VoIP traffic.

There are no workarounds, but Cisco did issue a patch for the vulnerability, available here. -Stephen Swoyer