Cisco TelePresence Infrastructure Denial of Service Vulnerability

2013-04-17T16:00:00
ID CISCO-SA-20130417-TPI
Type cisco
Reporter Cisco
Modified 2013-04-17T13:28:46

Description

A vulnerability in the digital signal processor (DSP) card could allow an unauthenticated, remote attacker to crash the DSP card, which will trigger a reload of the affected system.

The vulnerability is due to insufficient validation of a malformed H.264 bit stream that is transported in a Real-Time Transport Protocol (RTP) packet payload. An attacker could exploit this vulnerability by injecting RTP packets with a malformed H.264 bit stream into an established Session Initiation Protocol (SIP) or H.323 session. An exploit could allow the attacker to cause the reload of the affected system.
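The advisory does not say which malformation triggers the crash, so this added example (not Cisco's code or fix) only illustrates the kind of structural validation described as insufficient: generic RFC 3550 and RFC 6184 checks on an RTP packet carrying H.264 in non-interleaved mode. The function names and the sample packet are constructed for illustration.

```python
import struct

def rtp_payload(pkt: bytes) -> bytes:
    """Strip the RFC 3550 header; raise ValueError if it is malformed."""
    if len(pkt) < 12 or pkt[0] >> 6 != 2:
        raise ValueError("not an RTP version 2 packet")
    off, end = 12 + 4 * (pkt[0] & 0x0F), len(pkt)   # fixed header + CSRC list
    if pkt[0] & 0x10:                               # header extension present
        if end < off + 4:
            raise ValueError("truncated header extension")
        off += 4 + 4 * struct.unpack_from("!H", pkt, off + 2)[0]
    if pkt[0] & 0x20:                               # padding count is the last byte
        if pkt[-1] == 0 or pkt[-1] > end - off:
            raise ValueError("bad padding length")
        end -= pkt[-1]
    if off >= end:
        raise ValueError("empty payload")
    return pkt[off:end]

def check_h264(payload: bytes) -> str:
    """Structural checks for non-interleaved RFC 6184 payloads."""
    if payload[0] & 0x80:
        raise ValueError("forbidden_zero_bit set")
    nal_type = payload[0] & 0x1F
    if 1 <= nal_type <= 23:                         # single NAL unit packet
        return "single"
    if nal_type == 24:                              # STAP-A: [16-bit size][unit]...
        pos = 1
        while pos < len(payload):
            if pos + 2 > len(payload):
                raise ValueError("truncated STAP-A size field")
            size = struct.unpack_from("!H", payload, pos)[0]
            pos += 2
            if size == 0 or pos + size > len(payload):
                raise ValueError("STAP-A unit empty or overruns payload")
            pos += size
        if pos == 1:
            raise ValueError("STAP-A without units")
        return "stap-a"
    if nal_type == 28:                              # FU-A: indicator + FU header
        if len(payload) < 2:
            raise ValueError("FU-A missing FU header")
        if (payload[1] & 0xC0) == 0xC0:
            raise ValueError("FU-A with both start and end bits")
        return "fu-a"
    raise ValueError(f"NAL type {nal_type} not accepted in this mode")

def screen_packet(pkt: bytes):
    """Return (True, kind) for a well-formed packet, else (False, reason)."""
    try:
        return True, check_h264(rtp_payload(pkt))
    except ValueError as exc:
        return False, str(exc)
```
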

Cisco TelePresence multipoint control unit (MCU) and Cisco TelePresence Server contain a vulnerability that could allow an unauthenticated, remote attacker to trigger the reload of an affected system.

Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130417-tpi