Cisco TelePresence Server Denial of Service Vulnerability

2015-09-16T16:00:00
ID CISCO-SA-20150916-TPS
Type cisco
Reporter Cisco
Modified 2015-09-16T14:23:05

Description

Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

An attacker could exploit this vulnerability by providing a crafted URL that is designed to trigger the overflow condition. The vulnerability is likely to result in only a DoS condition because input sanitization is performed on the user-supplied data before it is copied into the affected buffer.

Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps