Cisco Unity Arbitrary International Operator Calls
Remote / Network Access
Loss of Integrity
Cisco Unity contains a flaw that may allow a remote attacker to arbitrary place international calls. The issue is triggered due to the default configuration in the predefined restriction tables, which does not block calls to the international operator. It is possible that the flaw may allow a remote attacker to arbitrary configure call forwardings to the international operator or other restricted numbers, resulting in a loss of integrity.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Add additional dial strings to the restriction tables to prevent the application from trying to place a toll call.