Cisco TelePresence Multiple Vulnerabilities

Last Update Date: 13 Jul 2012
Release Date: 12 Jul 2012

RISK: Medium Risk

TYPE: Clients - Im, Chat & Voip

TYPE: Im, Chat & Voip

Multiple vulnerabilities have been identified in Cisco TelePresence.

  1. A remote user on the adjacent network can send specially crafted Cisco Discovery Protocol packets to trigger a buffer overflow and execute arbitrary code on the target system with elevated privileges. (Cisco TelePresence Recording Server, Immersive Endpoint devices, TelePresence Manager and Multipoint Switch)
  2. A remote user can send a sequence of specially crafted IP packets and TCP connection requests or terminations at a high rate to prevent the target device from responding to new connection requests. Some services and processes may crash. (Cisco TelePresence Recording Server, TelePresence Manager and Multipoint Switch)
  3. An error within the administrative web interface can be exploited to inject and execute arbitrary commands. (Cisco TelePresence Recording Server and Immersive Endpoint devices)
  4. An error within a Cisco TelePresence API can be exploited to inject and execute arbitrary commands via a specially crafted request to TCP port 61480. (Cisco TelePresence Immersive Endpoint devices)

 


Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • Versions prior to 1.9.0 for Cisco TelePresence Manager and Cisco TelePresence Multipoint Switch
  • Versions prior to 1.8.1 for Cisco TelePresence Recording Server
  • Versions prior to 1.9.1 for Cisco TelePresence Immersive Endpoint devices
  • Versions prior to 1.8.0 for Cisco TelePresence Recording Server (Denial of Service vulnerability only)
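
The version thresholds above can be applied to a device inventory to see which of the four issues remain open on each host. The following is an added example, not part of the original advisory or any Cisco tool: the product keys, function names and the "host product version" inventory format are assumptions, and versions are assumed to be plain dotted numbers.

```python
# Issue-to-product mapping and fixed versions transcribed from this advisory.
# Product keys and the inventory format are assumptions made for this example.
FIXED = {  # product -> {issue number: first fixed version}
    "manager":            {1: "1.9.0", 2: "1.9.0"},
    "multipoint-switch":  {1: "1.9.0", 2: "1.9.0"},
    "recording-server":   {1: "1.8.1", 2: "1.8.0", 3: "1.8.1"},
    "immersive-endpoint": {1: "1.9.1", 3: "1.9.1", 4: "1.9.1"},
}
ISSUES = {
    1: "CDP buffer overflow (adjacent network, code execution)",
    2: "TCP/IP flood denial of service",
    3: "administrative web interface command injection",
    4: "API command injection via TCP port 61480",
}
# Constructed sample inventory: hostname, product key, installed version.
SAMPLE_INVENTORY = """
# site A
tp-mgr-01 manager 1.8.2
tp-rec-01 recording-server 1.8.0   # DoS fixed, other issues still open
tp-ep-01  immersive-endpoint 1.10.0
tp-ms-01  multipoint-switch 1.9.0
"""

def parse_version(text):
    """Turn '1.8.1' into (1, 8, 1) so that 1.10.0 sorts above 1.9.1."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unsupported version string: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))

def open_issues(product, version):
    """Return the advisory issue numbers still unfixed at this version."""
    if product not in FIXED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    installed = parse_version(version)
    return sorted(n for n, fixed in FIXED[product].items()
                  if installed < parse_version(fixed))

def triage(inventory_text):
    """Map each host in the inventory to its list of open issue numbers."""
    report = {}
    for raw in inventory_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if line:
            host, product, version = line.split()
            report[host] = open_issues(product, version)
    return report

if __name__ == "__main__":
    for host, issues in triage(SAMPLE_INVENTORY).items():
        print(host, "; ".join(ISSUES[n] for n in issues) or "no open issues")
```
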

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

 


Vulnerability Identifier


Source


Related Link