Announcement Announcement Module
Collapse
No announcement yet.
Advisory - Multiple Vulnerabilities in Cisco TelePresence System MXP Series Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Advisory - Multiple Vulnerabilities in Cisco TelePresence System MXP Series

    Multiple Vulnerabilities in Cisco TelePresence System MXP Series

    Severity Rating: High

    Systems Affected
    • Cisco TelePresence System MXP Series Software prior to F9.3.1

    Overview
    Multiple vulnerabilities have been reported in Cisco TelePresence System MXP Series Software which could allow an unauthenticated remote attacker to cause Denial of Service (DoS) condition.

    Description
    1. Cisco TelePresence System MXP Series Software SIP Denial of Service Vulnerabilities

    These vulnerabilities are in the SIP code of Cisco TelePresence System MXP Software and due to improper handling of crafted or malformed SIP packets.
    An unauthenticated remote attacker could exploit this vulnerability by sending crafted SIP packets to the affected system.

    Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to cause the targeted device to reload which results in a DoS condition.

    2. Cisco TelePresence System MXP Series Software H.225 Denial of Service Vulnerabilities

    These vulnerability are in the H.225 code of Cisco TelePresence System MXP Software and due to improper handling of crafted or malformed H.225 packets.
    An unauthenticated remote attacker could exploit this vulnerability by sending crafted H.225 packets to the affected system.

    Successful exploitation of these vulnerabilities could allow an unauthenticated remote attacker to cause the targeted device to reload which results in a DoS condition.

    Solution
    Apply appropriate updates as mentioned in CISCO advisory:
    http://tools.cisco.com/security/cent...a-20140430-mxp

    Vendor Information
    CISCO
    http://tools.cisco.com/security/cent...a-20140430-mxp

    References
    Cisco
    http://tools.cisco.com/security/cent...?alertId=33900
    http://tools.cisco.com/security/cent...?alertId=33901
Working...
X