Cisco Releases Security Patches to Correct TelePresence Security Vulnerabilities

Home
- Latest
- All new posts
- Industry press
- Photos
- Videos
- All site topics
- Subscribe via Email
- via Facebook
- via Twitter
- Top story
- Extron Now Shipping VNR 100 VN-Matrix Single Channel Recorder
- Latest news
- Gefen Showcases 4K Products at InfoComm 2013
  Gefen Debutes Booster for DisplayPort
  Panopto Releases Panopto 4-4: Includes iOS App, Capture Device and Editor Tool
  More news
Trends & Advice
- By department
- Blogs
- Case Studies
- Best Practices
- ROI
- Tech Trends
- How Tos
- Quick Tips
- Top story
- Is 4K Ready for Your Prime Time?
- Latest trends & advice
- TechDecisions Guide to 24 Short-throw and Ultra-short-throw Projectors
  Best Music Apps for OS X Mac and Windows PC
  Best Internet Radio Apps for iOS and Android
  More trends & advice
Products
- By department
- Latest Products
- A/V Products
- IT Products
- All product topics
- Featured product
- Panopto Releases Panopto 4-4: Includes iOS App, Capture Device and Editor Tool
- Our Sponsors
- AMX
Guides & Reports
- Featured
- Download: Special Report - When and Why to Upgrade Video Projectors for Your Campus
- Latest guides & reports
- Download: TechDecisions Guide to Digital Signage Content Management Systems
  Download: Deliver Technology Hotel Guests Demand - Digital Media, Control & Automation, AV
  Download: How to Save a Lot of Money with Energy and Lighting Devices and Controls
  More guides & reports

The TelePresence product line is open to a variety of attacks.

By Lisa Nadile

July 17, 2012

If you own Cisco Telepresence products, you have some work to do. Cisco quietly released four security advisories that describe the vulnerabilities in its TelePresence line. The vulnerabilities mean outsiders can hack into your videoconferencing system. The problems affect the TelePresence Recording Server, TelePresenceMultiPoint Switch, TelePresence Manager, and all TelePresence Endpoints. In most cases, the advisories direct users to patches that can correct the problem.

Advisory #1

Cisco TelePresence Recording Server contains the following vulnerabilities:
• Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
• Cisco TelePresence Web Interface Command Injection
• Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported.

There are no workarounds that mitigate these vulnerabilities.

Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.

Advisory #2

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:
• Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
• Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and

Page 1 of 2
1 2 Next »

Article topics

News · Trends & Advice · Best Practices · Videoconferencing · AV · Video · Products · Videoconferencing · Cisco · Business · Security · Telepresence · View all topics

Comments

Commenting is not available in this channel entry.

Download: Special Report - When and Why to Upgrade Video Projectors for Your Campus

Latest

Products

Guides

Extron Now Shipping VNR 100 VN-Matrix Single Channel Recorder

The device can simultaneously record and playback content.

Gefen Showcases 4K Products at InfoComm 2013

Gefen Debutes Booster for DisplayPort

Panopto Releases Panopto 4-4: Includes iOS App, Capture Device and Editor Tool

Extron Introduces Long Distance DVI Twisted Pair Extender

Extron Now Shipping VNR 100 VN-Matrix Single Channel Recorder

The device can simultaneously record and playback content.

Gefen Showcases 4K Products at InfoComm 2013

Gefen Debutes Booster for DisplayPort

Panopto Releases Panopto 4-4: Includes iOS App, Capture Device and Editor Tool

Extron Introduces Long Distance DVI Twisted Pair Extender

Download: Special Report - When and Why to Upgrade Video Projectors for Your Campus

Download: TechDecisions Guide to Digital Signage Content Management Systems

Download: Deliver Technology Hotel Guests Demand - Digital Media, Control & Automation, AV

Download: How to Save a Lot of Money with Energy and Lighting Devices and Controls

Download: Special Report – Guide to Creating the AV RFP

Features

From our Sponsors

Energy management, remote access, security, automation and control for hospitality — AMX

Download: The New “Green” Shows Real ROI in Facilities — HospitalityTechDecisions

Let TechDecisions help you be successful in your business. Sign up for a TechDecisions newsletter today!

About us

The first set of websites dedicated to address the business needs of professional end-users and facility managers in Corporate, Healthcare, Education, Hospitality and Worship markets.

05-17 5:01: The AV and IT Conversion Conversation http://t.co/r5WOW0kW37 #hospitalityIT #proav

05-17 3:01: Understanding the Costs of Digital Signage http://t.co/92DD5NSuHP #hospitalityIT #avtweeps

05-17 1:02: 5 Quick Tips from Cindy Davis for getting Started with InfoComm 2013 Now http://t.co/AHxdBhIU1I #hospitalityIT

Follow HospitalityTD tweets

Get Email Newsletters