===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.0635
     Multiple Vulnerabilities in Cisco TelePresence TC and TE Software
                                1 May 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence TC and TE Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
                   Root Compromise                 -- Existing Account
                   Denial of Service               -- Remote/Unauthenticated
                   Unauthorised Access             -- Console/Physical
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-2175 CVE-2014-2173 CVE-2014-2172
                   CVE-2014-2171 CVE-2014-2170 CVE-2014-2169
                   CVE-2014-2168 CVE-2014-2167 CVE-2014-2166
                   CVE-2014-2165 CVE-2014-2164 CVE-2014-2163
                   CVE-2014-2162 CVE-2014-0160

Reference:         ASB-2014.0042
                   ESB-2014.0457

Original Bulletin:
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

--------------------------BEGIN INCLUDED TEXT--------------------

Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

Advisory ID: cisco-sa-20140430-tcte

Revision 1.0

For Public Release 2014 April 30 16:00 UTC (GMT)

Summary
=======

Cisco TelePresence TC and TE Software are affected by the following
vulnerabilities:

    Six Session Initiation Protocol (SIP) denial of service vulnerabilities
    Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability
    Cisco TelePresence TC and TE Software Input Validation Vulnerability
    Cisco TelePresence TC and TE Software tshell Command Injection Vulnerability
    Cisco TelePresence TC and TE Software Heap Overflow Vulnerability
    Cisco TelePresence TC and TE Software U-Boot Buffer Overflow Vulnerability
    Cisco TelePresence TC and TE Software Unauthenticated Serial Port Access Vulnerability
    Cisco TelePresence TC H.225 Denial of Service Vulnerability

Successful exploitation of these vulnerabilities could allow an attacker to
cause the affected system to reload, execute arbitrary commands or obtain
privileged access to the affected system.

Note: This security advisory does not provide information about the OpenSSL
TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also
known as Heartbleed). For additional information on Cisco products affected
by the Heartbleed vulnerability, refer to the Cisco Security Advisory
available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed

Cisco has released free software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================