[原文]The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.
Vulnerability announced in a Cisco Security Advisory.
Cisco Unity Server 3.1
Cisco Unity Server 3.0
Cisco Unity Server 2.46
Cisco Unity Server 2.4
Cisco Unity Server 2.3
Cisco Unity Server 2.2
Cisco Unity Server 2.1
Cisco Unity Server 2.0
Unity is a Cisco software product designed to unify voice message, fax, and e-mail into a user's inbox.
Under some circumstances, users may be able to forward calls to unauthorized destinations. The default restrictions implemented by Unity software prevent users from forwarding calls to operators with the 9 011 prefix. However, this does not prevent forwarding to International operators.
No exploit is required for this vulnerability.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.