History: Mar 19, 2015 - 12:00 a.m.

KLA10504 Multiple vulnerabilities in Cisco products

2015-03-19 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS2: 7.2 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score: 6.7 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 56.3%)

Multiple serious vulnerabilities have been found in Cisco products.

Below is a complete list of vulnerabilities:

  1. Improper serial port restrictions in Cisco Virtual TelePresence Server Software can be exploited locally via specially designed OS commands;
  2. An unknown vulnerability in Cisco CSS can be exploited remotely via specially designed SSH packets;
  3. Improper DNS implementation in Cisco VDS-IS can be exploited remotely via specially designed packets;
  4. XSS vulnerability in Cisco WebEx Meetings Server can be exploited remotely via unspecified vectors.

Original advisories

Related products

Cisco-WebEx-Meetings-Server

Cisco-Videoscape-Distribution-Suite-for-Internet-Streaming

Cisco-Virtual-TelePresence-Server

CVE list

CVE-2015-0671 critical

CVE-2015-0668 warning

CVE-2015-0660 high

CVE-2015-0667 critical

Solution

Update to latest version!

Impacts

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • CI

Code injection. Exploitation of vulnerabilities with this impact can lead to changes in target code.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • Cisco Virtual TelePresence Server Software all versions
  • Cisco Content Services Switch (CSS) 11500 devices versions 8.20.4.02 and earlier
  • Cisco Videoscape Distribution Suite for Internet Streaming (VDS-IS) version 3.2
  • Cisco WebEx Meetings Server versions 2.5 and 2.5.99.2
