Threats Targeting Remote Administration

In releases earlier than Cisco CallManager Release 4.1, HTTP is the standard protocol for accessing the Cisco CallManager Administration web pages. If an attacker intercepts the connection and looks for the username and password of the administrator, the attacker can find the relevant information easily because CallManager does not encrypt the connection. Beginning with Cisco CallManager Release 4.1, HTTPS (RFC 2818) is the standard protocol for accessing the Cisco CallManager Administration pages, without installing or configuring any additional security parameters.

To add to the security woes, the default Cisco CallManager Administrator account is the same as the Microsoft Windows Administrator account. If a hacker learned this login information, the hacker could not only access the Cisco CallManager Administration pages, but could also log in to the operating system of the Cisco CallManager server with full access to all information. To address this issue, Cisco has added Multilevel Administration Access (MLA), giving CallManager an alternate user database to manage administrative privileges.