Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability

2016-04-06T16:00:00
ID CISCO-SA-20160406-CTS2
Type cisco
Reporter Cisco
Modified 2016-04-06T15:06:57

Description

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2"]