Cisco has released Security Advisory cisco-sa-20080116-cucmctl to address a heap overflow in the Certificate Trust List (CTL) Provider service in Cisco Unified Communications Manager (CUCM). This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service condition on an affected system.

More information regarding this vulnerability can be found in the Cisco Security Advisory: Cisco Unified Communications Manager CTL Provider Heap Overflow.

US-CERT strongly recommends that administrators review the Cisco Security Advisory above and follow best-practice security policies to determine what updates or workarounds should be applied.