Cisco has released a security alert, its first of the year, for its call-processing platform, the Unified Communications Manager.

The networking giant said that the product, formerly known as CallManager, contained a heap overflow vulnerability in the Certificate Trust List that could allow a hacker to cause a denial-of-service attack or execute arbitrary code.

Cisco has made available a free software fix for affected customers, and a workaround is available in its security advisory.

The products that are vulnerable are:

  • Cisco Unified CallManager 4.0
  • Cisco Unified CallManager 4.0
  • Cisco Unified CallManager 4.1 Versions prior to 4.1(3)SR5c
  • Cisco Unified Communications Manager 4.2 Versions prior to 4.2(3) SR3
  • Cisco Unified Communications Manager 4.3 Versions prior to 4.3(1) SR1

Cisco said it was not aware of any public announcements or malicious use of the vulnerability, which was reported to Cisco from TippingPoint.