Cisco has released its first new security alert of the year: a warning that Cisco Unified Communications Manager (formerly CallManager) contains a heap overflow vulnerability in the Certificate Trust List that could allow an attacker to cause a denial of service or execute arbitrary code.
Cisco has made a free software fix available to affected customers, and its security advisory describes a workaround.
The vulnerable products are:
- Cisco Unified CallManager 4.0
- Cisco Unified CallManager 4.1, versions prior to 4.1(3)SR5c
- Cisco Unified Communications Manager 4.2, versions prior to 4.2(3) SR3
- Cisco Unified Communications Manager 4.3, versions prior to 4.3(1) SR1