Cisco voice products on IBM servers contain a flaw that may allow a remote denial of service. The issue is triggered by an insecure installation of IBM Director by the Cisco default installations, and will result in loss of availability for the platform.
Classification
Attack Type:
Denial of Service
Impact:
Loss of Availability
Technical
The default installations of Cisco voice products on IBM servers will install IBM Director in unsecure state leaving TCP and UDP ports 14247 open. A network security scanner scanning port 14247 can trigger the IBM Director agent process twgipc.exe to use 100% of the CPU until the server is rebooted
The vulnerabilities are specific to Cisco voice products on IBM servers and all vulnerabilities listed in this advisory can be mitigated with the repair script without requiring an upgrade.
Solution
The vulnerabilities are specific to Cisco voice products on IBM servers and all vulnerabilities listed in this advisory can be mitigated with the repair script without requiring an upgrade.
