A vulnerability in the Conference Control Protocol API of Cisco TelePresence Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
The vulnerability is likely to result in only a DoS condition due to input sanitization performed on the user-supplied data before it is copied into the affected buffer. An attacker could exploit this vulnerability by providing a crafted URL that is designed to trigger the overflow condition.
Cisco TelePresence Server contains a buffer overflow vulnerability in the Conference Control Protocol API that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
Cisco has released software updates that address this vulnerability. No workarounds that mitigate this vulnerability are available.
This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150916-tps"]