Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

2015-05-13T16:00:00
ID CISCO-SA-20150513-TC
Type cisco
Reporter Cisco
Modified 2015-05-13T15:00:53

Description

A vulnerability in the authentication code of Cisco TelePresence TC and TE Software could allow an unauthenticated attacker within the broadcast or collision domains, or with physical access to the system, to bypass authentication and obtain root user access to the affected system.

The vulnerability is due to the improper implementation of authentication and authorization controls for internal services. An attacker could exploit this vulnerability by connecting to the affected service.

A vulnerability in the network drivers of Cisco TelePresence TC and TE Software could allow an unauthenticated, remote attacker to cause several processes to restart and possibly reload the affected system.

The vulnerability is due to insufficient implementation of flood controls. An attacker could exploit this vulnerability by sending crafted IP packets at a high rate.

Cisco TelePresence TC and TE Software contains the following vulnerabilities:

Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability
Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability

Successful exploitation of the Cisco TelePresence TC and TE Software Authentication Bypass Vulnerability could allow an attacker to bypass system authentication and access the device with the privileges of the root user.

Successful exploitation of the Cisco TelePresence TC and TE Software Crafted Packets Denial of Service Vulnerability could allow an attacker to restart several processes and possibly trigger a reload of the affected system.

Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150513-tc