Cisco: CISCO-SA-20140430-TCTE
History: Apr 30, 2014 - 4:00 p.m.

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

2014-04-30 16:00:00
tools.cisco.com

CVSS2: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS: 0.972 High
Percentile: 99.8%

Cisco TelePresence TC and TE Software are affected by the following vulnerabilities:

Six Session Initiation Protocol (SIP) denial of service vulnerabilities
Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability
Cisco TelePresence TC and TE Software Input Validation Vulnerability
Cisco TelePresence TC and TE Software tshell Command Injection Vulnerability
Cisco TelePresence TC and TE Software Heap Overflow Vulnerability
Cisco TelePresence TC and TE Software U-Boot Buffer Overflow Vulnerability
Cisco TelePresence TC and TE Software Unauthenticated Serial Port Access Vulnerability
Cisco TelePresence TC H.225 Denial of Service Vulnerability 

Successful exploitation of these vulnerabilities could allow an attacker to cause the affected system to reload, execute arbitrary commands or obtain privileged access to the affected system.

Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as Heartbleed). For additional information on Cisco products affected by the Heartbleed vulnerability, refer to the Cisco Security Advisory available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

Affected configurations

Vulners
Node
cisco telepresence_tc_software Match any
OR
cisco telepresence_tc_software Match any
