Cisco has patched several vulnerabilities in its TelePresence products:

CVE-2014-2174 Remote Root Access
CVE-2015-0713 Privilege Escalation
CVE-2015-0722 DoS

CVE-2014-2174 Remote Root Access – Details:

A vulnerability in the authentication code of Cisco TelePresence TC and TE Software could allow an unauthenticated attacker within the broadcast or collision domains, or with physical access to the system, to bypass authentication and obtain root user access to the affected system.

The vulnerability is due to the improper implementation of authentication and authorization controls for internal services. An attacker could exploit this vulnerability by connecting to the affected service.

CVE-2015-0722 DoS – Details:

A vulnerability in the network drivers of Cisco TelePresence TC and TE Software could allow an unauthenticated, remote attacker to cause several processes to restart and possibly reload the affected system.

The vulnerability is due to insufficient implementation of flood controls. An attacker could exploit this vulnerability by sending crafted IP packets at a high rate.

CVE-2015-0713 Privilege Escalation – Details:

A vulnerability in the web framework of multiple Cisco TelePresence products could allow an authenticated, remote attacker to inject arbitrary commands that are executed with the privileges of the root user.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the affected parameter in a web page.

Administrative privileges are required in order to access the affected parameter.

The CVSS score is 9.0.

The following products are affected:

  • Cisco TelePresence Advanced Media Gateway Series
  • Cisco TelePresence IP Gateway Series
  • Cisco TelePresence IP VCR Series
  • Cisco TelePresence ISDN Gateway
  • Cisco TelePresence MCU 4200 Series
  • Cisco TelePresence MCU 4500 Series
  • Cisco TelePresence MCU 5300 Series
  • Cisco TelePresence MCU MSE 8420
  • Cisco TelePresence MCU MSE 8510
  • Cisco TelePresence Serial Gateway Series
  • Cisco TelePresence Server 7010
  • Cisco TelePresence Server MSE 8710
  • Cisco TelePresence Server on Multiparty Media 310
  • Cisco TelePresence Server on Multiparty Media 320
  • Cisco TelePresence Server on Virtual Machine
