what you don't know can hurt you

Cisco Security Advisory 20120711-ctrs

Cisco Security Advisory 20120711-ctrs
Posted Jul 12, 2012
Authored by Cisco Systems | Site cisco.com

Cisco Security Advisory - Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash. Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported. There are no workarounds that mitigate these vulnerabilities. Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.

tags | advisory, remote, web, denial of service, arbitrary, vulnerability, code execution, protocol
systems | cisco
MD5 | 6d0c6a3f56c54f775ca5c9f4ee008266

Cisco Security Advisory 20120711-ctrs

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Multiple Vulnerabilities in Cisco TelePresence Recording Server

Advisory ID: cisco-sa-20120711-ctrs

Revision 1.0

For Public Release 2012 July 11 16:00 UTC (GMT)
+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence Recording Server contains the following vulnerabilities:

Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
Cisco TelePresence Web Interface Command Injection
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of
Service Vulnerability may allow a remote, unauthenticated attacker to
create a denial of service condition, preventing the product from
responding to new connection requests and potentially causing some
services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection
may allow an authenticated, remote attacker to execute arbitrary
commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote
Code Execution Vulnerability may allow allow an unauthenticated,
adjacent attacker to execute arbitrary code with elevated privileges.

Cisco has released updated software that resolves the command and code
execution vulnerabilities. There are currently no plans to resolve
the malformed IP packets denial of service vulnerability, as this
product is no longer being actively supported.

There are no workarounds that mitigate these vulnerabilities.

Customers should contact their Cisco Sales Representative to determine
the Business Unit responsible for their Cisco TelePresence Recording
Server.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org

iF4EAREIAAYFAk/9izAACgkQUddfH3/BbTpgpwD/TQOz5H0BG4ogU7mv8ZnqT69E
bgkxiXeO+2F8ogOPR/gA/iVsXNVK3OOeTYTZx5VCTqjGdtn/QRPNjUFyv5vu/OOH
=wEHe
-----END PGP SIGNATURE-----

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

March 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    15 Files
  • 2
    Mar 2nd
    5 Files
  • 3
    Mar 3rd
    3 Files
  • 4
    Mar 4th
    25 Files
  • 5
    Mar 5th
    20 Files
  • 6
    Mar 6th
    16 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    12 Files
  • 9
    Mar 9th
    3 Files
  • 10
    Mar 10th
    4 Files
  • 11
    Mar 11th
    23 Files
  • 12
    Mar 12th
    12 Files
  • 13
    Mar 13th
    12 Files
  • 14
    Mar 14th
    19 Files
  • 15
    Mar 15th
    12 Files
  • 16
    Mar 16th
    3 Files
  • 17
    Mar 17th
    1 Files
  • 18
    Mar 18th
    15 Files
  • 19
    Mar 19th
    22 Files
  • 20
    Mar 20th
    14 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    15 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close