Category:   Device (Multimedia)  >   Cisco TelePresence
Vendors:   Cisco
Cisco TelePresence VCS and Expressway Multiple Bugs Let Remote Users Deny Service
SecurityTracker Alert ID:  1031055
SecurityTracker URL:  http://securitytracker.com/id/1031055
CVE Reference:   CVE-2014-3368, CVE-2014-3369, CVE-2014-3370
Date:  Oct 15 2014
Impact:   Denial of service via network
Fix Available:  Yes
Vendor Confirmed:  Yes

Description:   Several vulnerabilities were reported in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway. A remote user can cause denial of service conditions.

A remote user can send specially crafted IP packets at a high rate to cause the target system to crash and reload [CVE-2014-3368].

The vendor has assigned bug ID CSCui06507 to this vulnerability.

When the Session Initiation Protocol (SIP) IX Channel filter is configured, a remote user can send specially crafted Session Description Protocol (SDP) data to the target system to cause the target device to reload [CVE-2014-3369].

The vendor has assigned bug ID CSCuo42252 to this vulnerability.

A remote user can send specially crafted SIP packets to cause the target device to reload [CVE-2014-3370].

The vendor has assigned bug IDs CSCum60442 and CSCum60447 to this vulnerability.

Impact:   A remote user can cause the target system to crash and reload.
Solution:   The vendor has issued a fix (X8.2).

The vendor's advisory is available at:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

Vendor URL:  tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs
Cause:   Input validation error, State error

Message History:   None.


 Source Message Contents

Subject:  Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

Advisory ID: cisco-sa-20141015-vcs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

Revision 1.0

For Public Release 2014 October 15 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities:

    Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
    Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
    Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability

Successful exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)
-----END PGP SIGNATURE-----