Cisco Outlines Java-Related Flaws
- By Becky Nagel
- July 30, 2007
Last week, Cisco addressed handshake issues associated with its line of enterprise call-handling and collaboration products. A flaw in Sun's Java Secure Socket Extension (JSSE), which Sun revealed earlier this month, can pose traffic tie-up problems for users of the Cisco Unified Communications system.
The flaws can make it so that "[s]ome versions of Sun JSSE do not properly handle certain Transport Layer Security (TLS) or Secure Sockets Layer (SSL) handshake requests." It can also cause "excessive CPU usage" that could ultimately create a "Denial of Service condition," according to Cisco's security bulletin.
So far, according to Cisco, the problem affects Cisco Unified Call Manager releases 5.0 and later (although fixes are present in versions 5.2 and 6.0). It also affects Cisco Unified Presence releases earlier than version 6.0(1) and anyone with an earlier version is urged to upgrade.
"There is no workaround for this issue, but mitigation is possible," Cisco's announcement stated. "Cisco Unified CallManager and Cisco Unified Presence customers are advised to restrict access to the administrative interface to the IP addresses of known management stations."
To read the official security bulletin from Cisco, go here.