-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0634
     Multiple Vulnerabilities in Cisco TelePresence System MXP Series
                                1 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence System MXP Series
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-2161 CVE-2014-2160 CVE-2014-2159
                   CVE-2014-2158 CVE-2014-2157 CVE-2014-2156
                   CVE-2014-0160  

Reference:         ASB-2014.0042
                   ESB-2014.0457

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco TelePresence System MXP Series

Advisory ID: cisco-sa-20140430-mxp

Revision 1.0

For Public Release 2014 April 30 16:00  UTC (GMT)

Summary
=======

Cisco TelePresence System MXP Series Software contains the following vulnerabilities:
	Three SIP denial of service vulnerabilities
	Three H.225 denial of service vulnerabilities

Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload.

Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160  (also known as Heartbleed).  For additional information regarding Cisco products affected by the Heartbleed vulnerability, refer to the Cisco Security Advisory available at the following link:  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Cisco has released free software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTYR4GAAoJEIpI1I6i1Mx3uZMP/R5dy6VQ54g0W2niaUcTStr9
s/7SAcSY9D2RIBB9P/Z11aA3gSa7a59Ee4Cx9BCw6oW+FEg1WkUS0zxYcMps4N7p
mAtdedibXPZzEkzkkAoWlJ9d7ZCzmcXRGtd1Q7xR/+5t/kDBRehcswyal5DF1zdZ
hTaOAem71bu0AMsR1TJqOPyvkL2Mo5HLdoX4USS+3NpFeRkd3n+W9L9Y1BZnJkZZ
UUABeFVt07pabCdx+XvLhwUZX4FlJ+VNPg8TTmZ3UyaRTzg+vzGW+ehnq430fivD
wuDvcUwqacJhKqneKRAcQwqHcYV//SCoWsfzKU6hmStbLLGuBWtPQCKIYf5AOGU0
omTsivEsMKsFYfY6QNuMZVxWBL4+2c/AZm1deqJGDK7acKlBDqPcMQh5ajUJhjAb
yFAxuD5328GF0qvuz+TdW70c/ycL1KBF5GGycQ/sBaLFICseGSUZB1sbbt2/zMig
I7WHVTRvMyYiaUpJWtC5SnVXw6JvdF6Jg2UznYZWSxW+aFzv6wlgfOHFHdSgr5Ut
FdwNXul2kQ2jEAIc/1/epV4c/JuAq2xniHqSPQ1vzEWhdht0YcxTnesiN6mLazF6
2lZl09JzjtiVo7HdnrKRnOXhw1fJ2lktVd5os6l2uGfE2cQ5jX43pFvD+vdBn5Z5
SBZPfxs0xeOXar+k1RfT
=ZX9C
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU2GrZhLndAQH1ShLAQLlNw//ahy63OcrCh/HZQs3RwhO0SO5Affzslkq
DTOSmWBoC2KcFunEVIC+NPq82DdWO1wSmjKd2fUMBkY687dqu+6h4Mlb/E2Io5aN
QwmNlL9eu19gkjaHHAZaDHOr9St5vYsWmCCR6JNNrTJtYBSKG1+4IeNsmdyTqmQ5
jQybUqWHt+e2iUoQOE0rs6Kq9Z98IMDHLuaiNmEYPzjv7YArXd0ab2seDCgv1Iui
I71rtXyyhO0SD3fPSLEx/EUh/O0XeKwES+G5MiM1eXbBtXixJEXppLMKmWhx4HDS
JSeDFEefNvWsZyAU3mIuw5OaIim8twbRnd0PR90ZeA6PaChoS6uVI21Sa9mpGQAY
te4kcVNqve5lWTyz7EEnLP4eIZ269iMck02010X43MdJdMwzztE+k27wlSsXMewo
svgbGqaSkhRYWrnEp/BBDCAydm9v53BRCVKPKdc0xRWhgGCnIMrMv2kjAFL9Eco+
UY55D9WqAcWct0b3VLWz3GJoYn1671uS1cdaB5XRbk8+b0wNiQ51K+e1VyCNNbC2
Ullzin9v+oVM2PzY1vESDstxvDT6w8576RgiWCxPCOqo7Dfe0lOqSuLkC00p8Kbv
DQwyDBNJUpmhbPu1+qO+ugBOB+JItsar4fOdv5iP6zgQOtFtsLZOFJ8C9/Xt1yk9
oHZ6tMlbnck=
=GwpR
-----END PGP SIGNATURE-----