Cisco Releases Security Patches to Correct TelePresence Security Vulnerabilities

Home
- Latest
- All new posts
- Industry press
- Photos
- Videos
- All site topics
- Subscribe via Email
- via Facebook
- via Twitter
- Top story
- Lecture Capture Allows the Professor to Make House Calls
- Latest news
- AVer’s Video Conferencing Bridge Supports Up to 10 Endpoints
  New Digital Projection Program Ditches Lamp Costs
  TechDecisions Guide to 24 Short-throw and Ultra-short-throw Projectors
  More news
Trends & Advice
- By department
- Blogs
- Case Studies
- Best Practices
- ROI
- Tech Trends
- How Tos
- Quick Tips
- Top story
- Is 4K Ready for Your Prime Time?
- Latest trends & advice
- TechDecisions Guide to 24 Short-throw and Ultra-short-throw Projectors
  Best Music Apps for OS X Mac and Windows PC
  Best Internet Radio Apps for iOS and Android
  More trends & advice
Products
- By department
- Latest Products
- A/V Products
- IT Products
- All product topics
- Featured product
- Control4 Debuts Wireless Lighting Control
- Our Sponsors
- AMX
Guides & Reports
- Featured
- Download: Special Report - When and Why to Upgrade Video Projectors for Your Campus
- Latest guides & reports
- Download: TechDecisions Guide to Digital Signage Content Management Systems
  Download: How to Save a Lot of Money with Energy and Lighting Devices and Controls
  Download: Special Report – Guide to Creating the AV RFP
  More guides & reports

The TelePresence product line is open to a variety of attacks.

By Lisa Nadile

July 17, 2012

If you own Cisco Telepresence products, you have some work to do. Cisco quietly released four security advisories that describe the vulnerabilities in its TelePresence line. The vulnerabilities mean outsiders can hack into your videoconferencing system. The problems affect the TelePresence Recording Server, TelePresenceMultiPoint Switch, TelePresence Manager, and all TelePresence Endpoints. In most cases, the advisories direct users to patches that can correct the problem.

Advisory #1

Cisco TelePresence Recording Server contains the following vulnerabilities:
• Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
• Cisco TelePresence Web Interface Command Injection
• Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported.

There are no workarounds that mitigate these vulnerabilities.

Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.

Advisory #2

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:
• Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
• Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and

Page 1 of 2
1 2 Next »

Article topics

News · Trends & Advice · Best Practices · Videoconferencing · AV · Video · Products · Videoconferencing · Cisco · Business · Security · Telepresence · View all topics

Comments

Commenting is not available in this channel entry.

Download: Special Report - When and Why to Upgrade Video Projectors for Your Campus

Latest

Products

Guides

Lecture Capture Allows the Professor to Make House Calls

A rural, regional university uses videoconferencing to make higher education accessible to remote students.

AVer’s Video Conferencing Bridge Supports Up to 10 Endpoints

New Digital Projection Program Ditches Lamp Costs

Is 4K Ready for Your Prime Time?

TechDecisions Guide to 24 Short-throw and Ultra-short-throw Projectors

AVer’s Video Conferencing Bridge Supports Up to 10 Endpoints

The new EMC1000 allows for video collaboration anywhere and anytime for under $7,500.

New Digital Projection Program Ditches Lamp Costs

TechDecisions Guide to 24 Short-throw and Ultra-short-throw Projectors

Control4 Debuts Wireless Lighting Control

Best Audio Spectrum Analysis Apps for iOS and Android

Download: Special Report - When and Why to Upgrade Video Projectors for Your Campus

Download: TechDecisions Guide to Digital Signage Content Management Systems

Download: How to Save a Lot of Money with Energy and Lighting Devices and Controls

Download: Special Report – Guide to Creating the AV RFP

Special Report: The Impact of AV Over IP for Your Facility

Features

Lecture Capture Allows the Professor to Make House Calls

Is 4K Ready for Your Prime Time?

TechDecisions Guide to 24 Short-throw and Ultra-short-throw Projectors

Best Music Apps for OS X Mac and Windows PC

Best Internet Radio Apps for iOS and Android

Best Audio Spectrum Analysis Apps for iOS and Android

From our Sponsors

Advance your institution with Panasonic visual communication technologies — Panasonic

Need reliable + incredibly bright imagery for your Higher Education venue? Click here. Digital Projection Inc.

AMX Campus: Safe, Green, Connected — AMX

Download: Lecture Capture Planning and Product Guide for Higher Education — HigherEdTechDecisions

Let TechDecisions help you be successful in your business. Sign up for a TechDecisions newsletter today!

About us

The first set of websites dedicated to address the business needs of professional end-users and facility managers in Corporate, Healthcare, Education, Hospitality and Worship markets.

05-16 5:03: What You Need to Know for Lighting Meeting Rooms, Auditoriums and Lecture Halls http://t.co/zoUl2Y3jsb #proav #avtweeps #highered

05-16 3:01: The AV and IT Conversion Conversation http://t.co/2hmcwNNalY #highered #edtech

05-16 1:00: Understanding the Costs of Digital Signage http://t.co/9qFeRJwnLB #highered #digitalsignage #avtweeps

Follow HigherEdTD tweets

Get Email Newsletters