Cisco TelePresence System t-shell Denial of Service Vulnerability

ID CISCO-SA-20130529-CVE-2013-1246
Type cisco
Reporter Cisco
Modified 2013-05-29T18:39:44


A vulnerability in the t-shell implementation of Cisco TelePresence System Software could allow an authenticated, remote attacker to exhaust the available memory and create a denial of service (DoS) condition.

The vulnerability is due to improper handling of orphaned t-shell sessions. An attacker could exploit this vulnerability by opening several Secure Shell (SSH) sessions with the affected system. A successful exploit could allow the attacker to consume available memory, so that the affected system may become unreachable and unable to function properly. A hard reboot is needed to restore complete functionality.

Cisco has confirmed the vulnerability in a Security Notice, and software updates are available.

To exploit this vulnerability, the attacker must authenticate to a targeted system. This access requirement limits the possibility of a successful exploit.

Customers are advised to review the bug report in the "Vendor Announcements" section for a current list of affected versions.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
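Because exploitation requires authenticated SSH sessions opened in quantity, a burst of successful logins by one account from one source is a usable detection signal until the update is applied. The following is an added example, not part of the Cisco advisory: it assumes the endpoint's SSH logins reach a log collector in OpenSSH syslog format, and the sample lines, host name, thresholds and the function name `find_session_bursts` are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (assumption: OpenSSH-style syslog lines).
# Eight logins by "admin" in 14 seconds, two widely spaced logins by
# "operator", and one failed login that must be ignored.
SAMPLE_LOG = "\n".join(
    [f"May 29 18:00:{2 * i:02d} ctx sshd[{100 + i}]: Accepted password for admin "
     f"from 192.0.2.10 port {50000 + i} ssh2" for i in range(8)]
    + ["May 29 18:05:00 ctx sshd[200]: Accepted publickey for operator from 192.0.2.20 port 40000 ssh2",
       "May 29 18:30:00 ctx sshd[201]: Accepted publickey for operator from 192.0.2.20 port 40001 ssh2",
       "May 29 18:31:00 ctx sshd[202]: Failed password for admin from 192.0.2.10 port 50100 ssh2"]
)

ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+) port \d+"
)

def find_session_bursts(log_text, max_sessions=5,
                        window=timedelta(seconds=60), year=2013):
    """Return sorted (user, source, peak_count) tuples for every account/source
    pair that opened more than max_sessions SSH sessions inside the window.
    Syslog timestamps carry no year, so one is supplied by the caller."""
    recent = defaultdict(deque)   # (user, src) -> login times inside the window
    peaks = {}                    # (user, src) -> highest count seen over threshold
    for line in log_text.splitlines():
        m = ACCEPTED.match(line)
        if not m:
            continue              # failed logins and unrelated lines
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["user"], m["src"])
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window: # drop logins that fell out of the window
            q.popleft()
        if len(q) > max_sessions:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return sorted((u, s, n) for (u, s), n in peaks.items())

if __name__ == "__main__":
    for user, src, count in find_session_bursts(SAMPLE_LOG):
        print(f"ALERT: {user} from {src} opened {count} SSH sessions within 60s")
```

The threshold and window are starting values to tune against normal administrative use of the endpoint.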