Cisco cites security flaws

Cisco Systems has warned customers of vulnerabilities in its communications software package and of a security tool that can be used by attackers to gain access to networks.

On Wednesday, the company issued an advisory on its Web site, warning customers of the vulnerability that affects the Cisco Unity unified communications software package versions 2, 3 and 4. It also warned of a similar problem on Cisco Guard, a tool that helps protect companies from denial-of-service attacks.

Cisco Unity is a unified communications software package that allows users to listen to e-mail over the telephone or check voice messages from the Internet. When integrated with a third-party fax server, it can even forward faxes to any local fax machine.

The problem with Cisco Unity is that it creates certain user accounts with default passwords when integrated with Microsoft's Exchange program. If the password isn't changed when Unity is installed, outside users could log on and read incoming and outgoing e-mail messages. They could also gain access to certain administrative functions.

On Wednesday, Cisco posted a solution on its Web site. The simplest fix is to change the default passwords on the accounts. The accounts with default passwords that should be changed can be found on the Web site.

Cisco said the new version of Cisco Unity version 4.0(5), which is scheduled for release in the first quarter of 2005, will not have this problem.

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.