
AV:A/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
Cisco TelePresence TC and TE Software contains two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition.
Additionally, Cisco TelePresence TC Software contains an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate the Cisco TelePresence TC and TE Software SIP Denial of Service vulnerabilities are available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc
-
Vulnerable Products
The following products running a vulnerable version of Cisco TelePresence TC and TE Software are affected by the SIP DoS vulnerabilities:
- Cisco TelePresence MX Series
- Cisco TelePresence System EX Series
- Cisco TelePresence Integrator C Series
- Cisco TelePresence Profiles Series
- Cisco TelePresence Quick Set Series
- Cisco IP Video Phone E20
The following products running a vulnerable version of Cisco TelePresence TC Software are affected by the adjacent root access vulnerability:
- Cisco TelePresence MX Series
- Cisco TelePresence System EX Series
- Cisco TelePresence Integrator C Series
- Cisco TelePresence Profiles Series
- Cisco TelePresence Quick Set Series
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Cisco TelePresence TC and TE Software SIP Denial of Service Vulnerabilities
Cisco TelePresence TC and TE Software contains two different vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated, remote attacker to cause a denial of service condition.
Both vulnerabilities are due to insufficient validation of crafted SIP packets sent to the affected system. An attacker could exploit both vulnerabilities by sending crafted SIP packets to the affected system.
The first vulnerability is documented in Cisco bug ID CSCue01743 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2013-3377.
Successful exploitation of this vulnerability may cause a reload of the affected system.
The second vulnerability is documented in Cisco bug ID CSCuf89557 (registered customers only) and has been assigned CVE ID CVE-2013-3378.
Successful exploitation of this vulnerability may cause the affected system to become unresponsive for a certain amount of time. Repeated exploitation may lead to a denial of service condition.
Cisco TelePresence TC Software Adjacent root Access Vulnerability
A vulnerability in the implementation of firewall rules could allow an unauthenticated, adjacent attacker to gain root shell access to an affected system.
The vulnerability is due to improper implementation of allowed hosts in the firewall rules. An attacker could exploit this vulnerability by connecting to the management IP address of the affected system. The attacker would need to be logically or physically adjacent to exploit this vulnerability. An exploit could allow the attacker to gain root access to the shell.
This vulnerability is documented in Cisco bug ID CSCts37781 (registered customers only) and has been assigned CVE ID CVE-2013-3379.
-
Cisco TelePresence TC and TE Software SIP Denial of Service Vulnerabilities
If SIP is not in use, a possible workaround for these vulnerabilities is to disable the SIP service: set NetworkServices SIP Mode to Off by issuing the following xConfiguration command:
xConfiguration NetworkServices SIP Mode: Off
Cisco TelePresence TC Software Adjacent root Access Vulnerability
There is no workaround that mitigates this vulnerability.
-
Cisco TelePresence TC and TE Software SIP Denial of Service Vulnerabilities
The following table indicates the fixed releases for Cisco TelePresence TC and TE Software for the vulnerability identified by Cisco bug ID CSCue01743 and CVE ID CVE-2013-3377 for each of the affected products:
Products                                 Affected Releases    Resolved In
Cisco TelePresence MX Series             TC5.x and earlier    TC5.1.7 or later
Cisco TelePresence System EX Series      TC5.x and earlier    TC5.1.7 or later
Cisco TelePresence System EX Series      TE6.0                TC6.1 or later
Cisco TelePresence Integrator C Series   TC5.x and earlier    TC5.1.7 or later
Cisco TelePresence Profiles Series       TC5.x and earlier    TC5.1.7 or later
Cisco TelePresence Quick Set Series      TC5.x and earlier    TC5.1.7 or later
Cisco IP Video Phone E20                 TE4.x and earlier    TE4.1.3
The following table provides information about the fixed releases for Cisco TelePresence TC and TE Software referring to the vulnerability identified by Cisco bug ID CSCuf89557 and CVE ID CVE-2013-3378 for each of the affected products:
Products                                 Affected Releases    Resolved In
Cisco TelePresence MX Series             TC6.x and earlier    TC6.1 or later
Cisco TelePresence System EX Series      TC6.x and earlier    TC6.1 or later
Cisco TelePresence System EX Series      TE6.0                TC6.1 or later
Cisco TelePresence Integrator C Series   TC6.x and earlier    TC6.1 or later
Cisco TelePresence Profiles Series       TC6.x and earlier    TC6.1 or later
Cisco TelePresence Quick Set Series      TC6.x and earlier    TC6.1 or later
Cisco IP Video Phone E20                 TE4.x and earlier    TE4.1.3
Cisco TelePresence TC Software Adjacent root Access Vulnerability
The table below gives information about the fixed releases for the Cisco TelePresence TC Software Adjacent root Access Vulnerability for each of the affected products:
Products                                 Affected Releases    Resolved In
Cisco TelePresence MX Series             TC4.1 and earlier    TC4.2 or later
Cisco TelePresence System EX Series      TC4.1 and earlier    TC4.2 or later
Cisco TelePresence Integrator C Series   TC4.1 and earlier    TC4.2 or later
Cisco TelePresence Profiles Series       TC4.1 and earlier    TC4.2 or later
Cisco TelePresence Quick Set Series      TC4.1 and earlier    TC4.2 or later
Recommended Releases
The following table provides information about recommended releases for Cisco TelePresence TC and TE Software that resolve all the vulnerabilities described in this advisory:
Products                                 Recommended Release
Cisco TelePresence MX Series             TC6.1 or later
Cisco TelePresence System EX Series      TC6.1 or later
Cisco TelePresence Integrator C Series   TC6.1 or later
Cisco TelePresence Profiles Series       TC6.1 or later
Cisco TelePresence Quick Set Series      TC6.1 or later
Cisco IP Video Phone E20                 TE4.1.3
Note: Cisco TelePresence TE Software version 4.1.3 for Cisco IP Video Phone E20 will be available on June 30, 2013.
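As an added example (not Cisco's own tooling), the fixed-release tables above expressed as a version check: given a device's TC or TE software version string, it reports which of the three CVEs still apply and the release that resolves each, including the EX Series on TE6.0, whose fix is a move to the TC train. The rule table is transcribed from the advisory; the version strings it is run on are constructed.

```python
"""Check a Cisco TelePresence TC/TE version against the fixed releases in
cisco-sa-20130619-tpc.  Added example, not Cisco tooling; the rule table is
transcribed from the advisory and the input versions are constructed."""
import re

# One rule per (software train, affected major release) for each CVE:
# (train, highest affected major, first fixed release, fix as the advisory words it).
RULES = {
    "CVE-2013-3377": [                               # SIP DoS, reload (CSCue01743)
        ("TC", 5, (5, 1, 7), "TC5.1.7 or later"),    # TC5.x and earlier
        ("TE", 4, (4, 1, 3), "TE4.1.3"),             # IP Video Phone E20, TE4.x
        ("TE", 6, (6, 1, 0), "TC6.1 or later"),      # EX Series on TE6.0 moves to TC
    ],
    "CVE-2013-3378": [                               # SIP DoS, unresponsive (CSCuf89557)
        ("TC", 6, (6, 1, 0), "TC6.1 or later"),      # TC6.x and earlier
        ("TE", 4, (4, 1, 3), "TE4.1.3"),
        ("TE", 6, (6, 1, 0), "TC6.1 or later"),
    ],
    "CVE-2013-3379": [                               # adjacent root access (CSCts37781)
        ("TC", 4, (4, 2, 0), "TC4.2 or later"),      # TC4.1 and earlier; TE not affected
    ],
}

# Versions look like TC5.1.6.279927; any trailing build number is ignored.
VERSION_RE = re.compile(r"^(TC|TE)(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*$")


def parse_version(text):
    """Return (train, (major, minor, patch)) for a string such as 'TC6.0.1'."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised TC/TE version: {text!r}")
    train, *parts = m.groups()
    return train, tuple(int(p or 0) for p in parts)


def affected_cves(version):
    """Map each advisory CVE that still applies to `version` to its fixed release."""
    train, ver = parse_version(version)
    result = {}
    for cve, rules in RULES.items():
        for rule_train, max_major, fixed, label in rules:
            if rule_train == train and ver[0] <= max_major:
                if ver < fixed:          # older than the first fixed release
                    result[cve] = label
                break                    # first rule covering this major decides
    return result
```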
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
The vulnerability identified by Cisco bug ID CSCue01743 and CVE ID CVE-2013-3377 was discovered during internal tests.
The vulnerability identified by Cisco bug ID CSCuf89557 and CVE ID CVE-2013-3378 was reported to Cisco by Knud from nSense.
The Cisco TelePresence TC Software Adjacent root Access Vulnerability was discovered during internal tests.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.0 2013-June-19 Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.