-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0635
     Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
                                1 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence TC and TE Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account      
                   Denial of Service               -- Remote/Unauthenticated
                   Unauthorised Access             -- Console/Physical      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-2175 CVE-2014-2173 CVE-2014-2172
                   CVE-2014-2171 CVE-2014-2170 CVE-2014-2169
                   CVE-2014-2168 CVE-2014-2167 CVE-2014-2166
                   CVE-2014-2165 CVE-2014-2164 CVE-2014-2163
                   CVE-2014-2162 CVE-2014-0160 

Reference:         ASB-2014.0042
                   ESB-2014.0457

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Advisory ID: cisco-sa-20140430-tcte

Revision 1.0

For Public Release 2014 April 30 16:00 UTC (GMT)

Summary
=======

Cisco TelePresence TC and TE Software are affected by the following vulnerabilities:
	Six Session Initiation Protocol (SIP) denial of service vulnerabilities
	Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability
	Cisco TelePresence TC and TE Software Input Validation Vulnerability
	Cisco TelePresence TC and TE Software tshell Command Injection Vulnerability
	Cisco TelePresence TC and TE Software Heap Overflow Vulnerability
	Cisco TelePresence TC and TE Software U-Boot Buffer Overflow Vulnerability
	Cisco TelePresence TC and TE Software Unauthenticated Serial Port Access Vulnerability
	Cisco TelePresence TC H.225 Denial of Service Vulnerability

Successful exploitation of these vulnerabilities could allow an attacker to cause the affected system to reload, execute arbitrary commands or obtain privileged access to the affected system.

Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as Heartbleed). For additional information on Cisco products affected by the Heartbleed vulnerability, refer to the Cisco Security Advisory available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Cisco has released free software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

- --------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================