Cisco TelePresence Products Multiple Vulnerabilities

Last Update Date: 25 Feb 2011 18:12 Release Date: 25 Feb 2011 6589 Views

RISK: Medium Risk

TYPE: Servers - Other Servers

Multiple vulnerabilities have been identified in Cisco TelePresence products, which could be exploited by attackers to bypass restrictions, gain knowledge of sensitive information or unauthorized access, upload arbitrary files, cause a denial of service or execute arbitrary code. These issues are caused by errors related to Java Servlets, administrative web interface, Cisco Discovery Protocol, RMI interface, Real-Time Transport Control Protocol (RTCP), XML-RPC, SOAP interface, CGI commands, Ad Hoc recording, and TFTP requests.

Impact

Denial of Service
Security Restriction Bypass
Information Disclosure

System / Technologies affected

Cisco TelePresence Multipoint Switch versions prior to 1.7.1
Cisco TelePresence Manager versions prior to 1.7.0
Cisco TelePresence Recording Server versions prior to 1.7.0
Cisco TelePresence Endpoint Devices versions prior to 1.7.0

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to patched versions :

http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctms.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctsman.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-ctrs.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20110223-telepresence-cts.shtml

Cisco TelePresence Products Multiple Vulnerabilities

Impact

System / Technologies affected

Solutions

Vulnerability Identifier

Source

Related Link