Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

2015-05-1316:00:00

tools.cisco.com

CVSS2

8.3

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.002

Percentile

61.9%

JSON

Cisco TelePresence TC and TE Software contains the following vulnerabilities:

Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability
Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability

Successful exploitation of the Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability could allow an attacker to bypass
system authentication and access the device with the privileges of the root user.

Successful
exploitation of the Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability could allow an attacker to
restart several processes and possibly trigger a reload of the
affected system.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc[“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc”]

Affected configurations

Vulners

Node

ciscotelepresence_tc_softwareMatchany

ciscotelepresence_te_softwareMatchany

ciscotelepresence_tc_softwareMatchany

ciscotelepresence_te_softwareMatchany

VendorProductVersionCPE
ciscotelepresence_tc_softwareanycpe:2.3:a:cisco:telepresence_tc_software:any:*:*:*:*:*:*:*
ciscotelepresence_te_softwareanycpe:2.3:a:cisco:telepresence_te_software:any:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	telepresence_tc_software	any	cpe:2.3:a:cisco:telepresence_tc_software:any:::::::*
cisco	telepresence_te_software	any	cpe:2.3:a:cisco:telepresence_te_software:any:::::::*