AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:U/RC:C
-
Cisco TelePresence Multipoint Switch contains the following vulnerabilities:
- Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
- Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
-
Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory. The following tables contain specific information for each vulnerability. For specific information regarding affected code, refer to the "Software Versions and Fixes" section of this security advisory.
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
| Product | Affected |
| --- | --- |
| Cisco TelePresence Manager | YES |
| Cisco TelePresence Recording Server | YES |
| Cisco TelePresence Multipoint Switch | YES |
| Cisco TelePresence Immersive Endpoint System | NO |
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
| Product | Affected |
| --- | --- |
| Cisco TelePresence Manager | YES |
| Cisco TelePresence Recording Server | YES |
| Cisco TelePresence Multipoint Switch | YES |
| Cisco TelePresence Immersive Endpoint System | YES |
Detailed Information about Vulnerable Products
This security advisory describes vulnerabilities in the Cisco TelePresence Multipoint Switch. For additional information regarding how the vulnerabilities may affect other vulnerable products, please refer to the specific product security advisory listed in the following table:
| Product | Security Advisory Publication Link |
| --- | --- |
| Cisco TelePresence Recording Server | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| Cisco TelePresence Manager | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| Cisco TelePresence Immersive Endpoint System | https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
How to Determine the Software Version
Cisco TelePresence Multipoint Switch devices that are running an affected version of software are vulnerable.
To determine the current version of software that is running on the Cisco TelePresence Multipoint Switch, establish an SSH connection to the device and issue the show version active and the show version inactive commands. The output should resemble the following example:
    admin: show version active
    Active Master Version: 1.7.0.0-471
    Active Version Installed Software Options:
    No Installed Software Options Found.
    admin: show version inactive
    Inactive Master Version: 1.6.0.0-342
    Inactive Version Installed Software Options:
    No Installed Software Options Found.
In the preceding example, the system has versions 1.6.0 and 1.7.0 loaded on the device, and version 1.7.0 is currently active. A device is affected only by vulnerabilities that are in the active software version.
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
The Cisco TelePresence Multipoint Switch is designed to support multipoint (multi-location) Cisco TelePresence meetings for multiple segments in a single meeting.
This section provides additional information for each vulnerability that affects Cisco TelePresence Multipoint Switch.
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
This vulnerability is documented in Cisco bug IDs CSCty11219 (registered customers only), CSCty11299 (registered customers only), CSCty11323 (registered customers only) and CSCty11338 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-3073.
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.
Because Cisco Discovery Protocol works at the data link layer (Layer 2), an attacker must have a way to submit an Ethernet frame directly to an affected device. This action may be possible in situations where the affected system is part of a bridged network or connected to a non-partitioned device, such as a network hub.
This vulnerability is documented in Cisco bug ID CSCtz40965 (registered customers only) and has been assigned CVE ID CVE-2012-2486.
-
There are no workarounds that mitigate these vulnerabilities.
-
This section provides details about affected releases and remediation for each vulnerability that affects Cisco TelePresence Multipoint Switch.
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
| Version | First Fixed In |
| --- | --- |
| Prior to 1.6 | 1.8.1 |
| 1.6 | 1.8.1 |
| 1.7 | 1.8.1 |
| 1.8 | 1.8.1 |
| 1.9 | Not Vulnerable |
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
| Version | First Fixed In |
| --- | --- |
| Prior to 1.6 | 1.9.0 |
| 1.6 | 1.9.0 |
| 1.7 | 1.9.0 |
| 1.8 | 1.9.0 |
| 1.9 | Not Vulnerable |
Recommended Releases
The following table gives information about the releases that contain the fixes for all the vulnerabilities that are described in this security advisory:
| Version | Recommended Release |
| --- | --- |
| Prior to 1.6 | Upgrade to 1.9.0 |
| 1.6 | Upgrade to 1.9.0 |
| 1.7 | Upgrade to 1.9.0 |
| 1.8 | Upgrade to 1.9.0 |
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
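The version check from "How to Determine the Software Version", combined with the first-fixed releases listed in this section, as an added Python example that is not part of the Cisco advisory: it parses saved show version output and lists the CVEs that still apply to the active image. It assumes the release is the first three fields of the version string and that the build suffix after the hyphen can be ignored; the function names and the rollback_would_expose field are illustrative.

```python
import re

# First fixed releases, copied from the advisory's tables.
FIRST_FIXED = {
    "CVE-2012-3073": (1, 8, 1),  # malformed IP packets denial of service
    "CVE-2012-2486": (1, 9, 0),  # Cisco Discovery Protocol code execution
}

# Matches e.g. "Active Master Version: 1.7.0.0-471"; the build suffix is ignored.
VERSION_RE = re.compile(
    r"^[ \t]*(Active|Inactive) Master Version:[ \t]*(\d+(?:\.\d+)*)(?:-\d+)?[ \t]*$",
    re.MULTILINE,
)

# The output shown in the advisory's example.
SAMPLE = """\
admin: show version active
Active Master Version: 1.7.0.0-471
Active Version Installed Software Options:
No Installed Software Options Found.
admin: show version inactive
Inactive Master Version: 1.6.0.0-342
Inactive Version Installed Software Options:
No Installed Software Options Found.
"""

def parse_versions(cli_output):
    """Map 'active'/'inactive' to a version tuple such as (1, 7, 0, 0)."""
    return {slot.lower(): tuple(int(p) for p in dotted.split("."))
            for slot, dotted in VERSION_RE.findall(cli_output)}

def affected_by(version):
    """Return the CVE IDs whose first fixed release is newer than `version`."""
    release = (tuple(version) + (0, 0, 0))[:3]  # assumed: major.minor.maintenance
    return sorted(cve for cve, fixed in FIRST_FIXED.items() if release < fixed)

def assess(cli_output):
    """Exposure comes from the active image only; the inactive image is
    reported separately because switching to it would change the result."""
    versions = parse_versions(cli_output)
    if "active" not in versions:
        raise ValueError("no 'Active Master Version' line in the output")
    inactive = versions.get("inactive")
    return {
        "exposed": affected_by(versions["active"]),
        "rollback_would_expose": affected_by(inactive) if inactive else [],
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```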
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
These vulnerabilities were found during Cisco internal tests.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.0 2012-July-11 Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.