Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

2014-04-30T16:00:00
ID CISCO-SA-20140430-TCTE
Type cisco
Reporter Cisco
Modified 2014-04-30T15:02:34

Description

A vulnerability in the authentication code of Cisco TelePresence TC and TE Software could allow an unauthenticated, local attacker to connect to the serial port and obtain privileged access to the affected system.

The vulnerability is due to the improper implementation of authentication and authorization controls for the serial port. An attacker could exploit this vulnerability by connecting to the affected port and run a series of commands.

A vulnerability in the implementation of executable utilities that use the universal bootloader (u-boot) compiler of Cisco TelePresence TC and TE Software could allow an authenticated, local attacker to create a buffer overflow and possibly execute arbitrary code on the affected system.

The vulnerability is due to the improper implementation of internal executable files when the u-boot compiler flag is defined. An attacker could exploit this vulnerability by accessing the affected system command-line interface (CLI) and try to run the affected executable files.

A vulnerability in the H.225 code of Cisco TelePresence TC Software could allow an unauthenticated, remote attacker to cause the affected system to exhaust the available memory and to reload.

The vulnerability is due to the improper handling of crafted or malformed H.225 packets. An attacker could exploit this vulnerability by sending crafted packets to the affected system.

A vulnerability in the SIP code of Cisco TelePresence TC and TE Software could allow an unauthenticated, remote attacker to cause the affected system to become unresponsive and reload.

The vulnerability is due to improper handling of crafted or malformed SIP packets. An attacker could exploit this vulnerability by sending crafted packets to the affected system.

A vulnerability in the SIP code of Cisco TelePresence TC and TE Software could allow an unauthenticated, remote attacker to create a heap overflow condition. This condition could allow the attacker to execute arbitrary code or cause the affected system to reload.

The vulnerability is due to improper handling of crafted SIP packets. An attacker could exploit this vulnerability by sending crafted SIP packets to the affected system.

A vulnerability in the implementation of internal system scripts of the Cisco TelePresence TC and TE Software could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privilege of the root user.

The vulnerability is due to the improper validation of parameters passed to the affected system scripts. An attacker could exploit this vulnerability by passing arbitrary commands as arguments to the affected scripts.

A vulnerability in the implementation of several system scripts of Cisco TelePresence TC and TE Software could allow an authenticated, remote attacker to inject arbitrary commands with the privileges of the root user via tshell (tcsh).

The vulnerability is due to the improper implementation of the code in several scripts that can be executed on the affected system. An attacker could exploit this vulnerability by passing arbitrary commands while executing the affected scripts.

A vulnerability in the implementation of the DNS code of Cisco TelePresence TC and TE Software could allow an unauthenticated, remote attacker to create a buffer overflow and execute arbitrary code.

The vulnerability is due to insufficient bounds check on variables. An attacker could exploit this vulnerability by injecting crafted DNS response packets.

Cisco TelePresence TC and TE Software are affected by the following vulnerabilities:

Six Session Initiation Protocol (SIP) denial of service vulnerabilities
Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability
Cisco TelePresence TC and TE Software Input Validation Vulnerability
Cisco TelePresence TC and TE Software tshell Command Injection Vulnerability
Cisco TelePresence TC and TE Software Heap Overflow Vulnerability
Cisco TelePresence TC and TE Software U-Boot Buffer Overflow Vulnerability
Cisco TelePresence TC and TE Software Unauthenticated Serial Port Access Vulnerability
Cisco TelePresence TC H.225 Denial of Service Vulnerability

Successful exploitation of these vulnerabilities could allow an attacker to cause the affected system to reload, execute arbitrary commands or obtain privileged access to the affected system.

Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as Heartbleed). For additional information on Cisco products affected by the Heartbleed vulnerability, refer to the Cisco Security Advisory available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed"]

Cisco has released software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte"]