Security Advisory

July 2012: four Cisco vulnerabilities

By Fabio Semperboni

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories:

  • Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
  • Multiple Vulnerabilities in Cisco TelePresence Manager
  • Multiple Vulnerabilities in Cisco TelePresence Recording Server
  • Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Cisco TelePresence Remote Command Execution Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory.

Details
This section gives additional information for each of the vulnerabilities affecting Cisco TelePresence Immersive Endpoint Devices.

  • Cisco TelePresence API Remote Command Execution Vulnerability: A remote command injection vulnerability exists in one of the Cisco TelePresence APIs that are hosted on the immersive endpoint devices. This issue if exploited could allow an unauthenticated attacker in an adjacent context to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker must have the ability to submit a malformed request to TCP port 61460 from a physical or logical Layer 3 adjacent context. A three-way handshake is required to exploit this vulnerability.
  • Cisco TelePresence Remote Command Execution Vulnerability: A remote command injection vulnerability exists in the Cisco TelePresence administrative web interface that is hosted on the immersive endpoint devices. If exploited, this issue could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker must have the ability to submit a malformed request to TCP port 443. A three-way handshake is required to exploit this vulnerability.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands or code on an affected device with elevated privileges. This action could allow the attacker to completely compromise the affected device.

Link: http://tools.cisco.com/…/cisco-sa-20120711-cts

Multiple Vulnerabilities in Cisco TelePresence Manager
Cisco TelePresence Manager contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory.

Details
This section provides additional information for each vulnerability that affects Cisco TelePresence Manager.

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability: A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of the vulnerabilities may cause a DoS condition where the product becomes unresponsive to new connection requests and potentially leading to termination services and processes or to execute arbitrary code with elevated privileges.

Link: http://tools.cisco.com/…/cisco-sa-20120711-ctsman

Multiple Vulnerabilities in Cisco TelePresence Recording Server
Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities described in this security advisory.

Details
This section gives additional information for each of the vulnerabilities affecting Cisco TelePresence Recording Server.

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability: A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
  • Cisco TelePresence Web Interface Command Injection: A vulnerability exists in the administrative web interface that could allow an authenticated, remote attacker to perform a command injection attack. An attacker could leverage this issue to send malicious requests to the device that, when processed, could allow the attacker to execute arbitrary commands with elevated privileges.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of these vulnerabilities may cause a denial of service condition where the product does not respond to new connection requests and potentially crash some of the services and processes, or allow an attacker to execute arbitrary code or commands with elevated privileges.

Link: http://tools.cisco.com/…/cisco-sa-20120711-ctrs

Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory. The following tables contain specific information for each vulnerability.

Details
This section provides additional information for each vulnerability that affects Cisco TelePresence Multipoint Switch.

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability: A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of the vulnerabilities may cause a DoS condition where the product becomes unresponsive to new connection requests and potentially leading to termination services and processes or to execute arbitrary code with elevated privileges.

Link: http://tools.cisco.com/…/cisco-sa-20120711-ctms

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous article
June 2012: four Cisco vulnerabilities
Next article
WhoisUP – Is your host up or down?

Popular posts

802.1X Deployment Guide: Interface configuration

Tutorial
In a previous post, I explained how to configure dot1x in a switch global configuration. In this article, I'll explain the best practice about...

802.1X Deployment Guide: Global configuration

Tutorial
In the previous article, I illustrated what are the dot1x and the benefits related to it. Just to remember that 802.1X authentication involves three...

Using NPS to manage Cisco devices

Tutorial
In a a previous article, I illustated how to configure Radius server on Cisco switch/router. In this tutorial, I explain how to install and...

NAT and PAT: a complete explanation

Tutorial
Network address translation (NAT) is the process of modifying IP address information in IP packet headers while in transit across a traffic routing device. There...

How to trace MAC address

Tutorial
Traceroute is a tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network. Traceroute sends a sequence of...

StackWise Virtual on Catalyst 9500

Tutorial
During the Cisco Live 2016 in Las Vegas, Cisco presented the new feature named "StackWise virtual" supported by the IOS XE Denali in the...

How to log everything with SecureCRT

Tutorial
Unlike my technical articles about configurations, protocols and so on, in this tutorial I will explain how to log automatically all SecureCRT sessions. For those...

How to upgrade a Cisco stack

Tutorial
One of the task of a good Network engineer is to update the Cisco IOS to avoid bugs and to have new features; but...

Upgrade Catalyst 9000 series

Tutorial
In the past, upgrade a switch was very easy: upload the IOS file (a .bin file), change the bootvar and reload the switch; then...

Friends

Copyright © 2008 - 2022 Ciscozine.
All rights reserved.