Lucene search

K
ciscoCiscoCISCO-SA-20120711-CTSMAN
HistoryJul 11, 2012 - 4:00 p.m.

Multiple Vulnerabilities in Cisco TelePresence Manager

2012-07-1116:00:00
tools.cisco.com
14

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.019

Percentile

88.6%

Cisco TelePresence Manager contains the following vulnerabilities:

 Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability 

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition,
causing the product to become unresponsive to new connection requests and
potentially leading to termination services and processes.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute
arbitrary code with elevated privileges.

Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman”]

Affected configurations

Vulners
Node
ciscotelepresence_recording_serverMatchany
OR
ciscotelepresence_managerMatchany
OR
ciscotelepresence_multipoint_switchMatchany
OR
ciscotelepresence_recording_serverMatchany
OR
ciscotelepresence_managerMatchany
OR
ciscotelepresence_multipoint_switchMatchany
VendorProductVersionCPE
ciscotelepresence_recording_serveranycpe:2.3:h:cisco:telepresence_recording_server:any:*:*:*:*:*:*:*
ciscotelepresence_manageranycpe:2.3:a:cisco:telepresence_manager:any:*:*:*:*:*:*:*
ciscotelepresence_multipoint_switchanycpe:2.3:h:cisco:telepresence_multipoint_switch:any:*:*:*:*:*:*:*

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.019

Percentile

88.6%

Related for CISCO-SA-20120711-CTSMAN