Aug
8
2012

July 2012: four Cisco vulnerabilities

The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories:

  • Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
  • Multiple Vulnerabilities in Cisco TelePresence Manager
  • Multiple Vulnerabilities in Cisco TelePresence Recording Server
  • Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch

Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Cisco TelePresence Remote Command Execution Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory.

Details
This section gives additional information for each of the vulnerabilities affecting Cisco TelePresence Immersive Endpoint Devices.

  • Cisco TelePresence API Remote Command Execution Vulnerability: A remote command injection vulnerability exists in one of the Cisco TelePresence APIs that are hosted on the immersive endpoint devices. This issue if exploited could allow an unauthenticated attacker in an adjacent context to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker must have the ability to submit a malformed request to TCP port 61460 from a physical or logical Layer 3 adjacent context. A three-way handshake is required to exploit this vulnerability.
  • Cisco TelePresence Remote Command Execution Vulnerability: A remote command injection vulnerability exists in the Cisco TelePresence administrative web interface that is hosted on the immersive endpoint devices. If exploited, this issue could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges. An attacker must have the ability to submit a malformed request to TCP port 443. A three-way handshake is required to exploit this vulnerability.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary commands or code on an affected device with elevated privileges. This action could allow the attacker to completely compromise the affected device.

Link: http://tools.cisco.com/…/cisco-sa-20120711-cts

Multiple Vulnerabilities in Cisco TelePresence Manager
Cisco TelePresence Manager contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory.

Details
This section provides additional information for each vulnerability that affects Cisco TelePresence Manager.

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability: A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of the vulnerabilities may cause a DoS condition where the product becomes unresponsive to new connection requests and potentially leading to termination services and processes or to execute arbitrary code with elevated privileges.

Link: http://tools.cisco.com/…/cisco-sa-20120711-ctsman

Multiple Vulnerabilities in Cisco TelePresence Recording Server
Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities described in this security advisory.

Details
This section gives additional information for each of the vulnerabilities affecting Cisco TelePresence Recording Server.

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability: A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
  • Cisco TelePresence Web Interface Command Injection: A vulnerability exists in the administrative web interface that could allow an authenticated, remote attacker to perform a command injection attack. An attacker could leverage this issue to send malicious requests to the device that, when processed, could allow the attacker to execute arbitrary commands with elevated privileges.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of these vulnerabilities may cause a denial of service condition where the product does not respond to new connection requests and potentially crash some of the services and processes, or allow an attacker to execute arbitrary code or commands with elevated privileges.

Link: http://tools.cisco.com/…/cisco-sa-20120711-ctrs

Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch
Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities that are described in this security advisory. The following tables contain specific information for each vulnerability.

Details
This section provides additional information for each vulnerability that affects Cisco TelePresence Multipoint Switch.

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability: A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability: A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.

Impact
Successful exploitation of the vulnerabilities may cause a DoS condition where the product becomes unresponsive to new connection requests and potentially leading to termination services and processes or to execute arbitrary code with elevated privileges.

Link: http://tools.cisco.com/…/cisco-sa-20120711-ctms

Summary
Article Name
July 2012: four Cisco vulnerabilities
Description
July 2012: The Cisco Product Security Incident Response Team (PSIRT) has published four important vulnerability advisories.
Author