Cisco recently released fixes for security flaws in its CallManager product line. Flaws are of various types from resource leaks to weak resistance to malformed packets. There is also sensitivity to denial of service attacks. The impact of these vulnerabilities are potential breaches of confidentiality, higher CPU utilization, and potentially phones not responding.

I wonder, will Cisco be the hacker target in the VoIP world that Microsoft is in the PC world? With a huge installed base, a hackers dream is to bring down VoIP systems and Cisco is a likely target. One of the great strengths of open standards such as SIP is that everyone understand how it works. This is also the problem with the protocol. I recently caught up with an Rich Mendoza who was at Level 3 and is now working for BorderWare a company that makes SIPassure, a SIP aware firewall. Rich was briefing me on all the different types of SIP attacks he has seen and how his products help companies combat them. I plan on writing about this in the August 2005 issue of Internet Telephony Magazine which should be out in a  few weeks.