Operating System:

[Cisco]

Published:

16 October 2014

Protect yourself against future threats.

//Service

Malicious URL Feed

Add this Australian-based feed to your firewall blacklist and SIEM to prevent compromises to your network.

Read more
Resources > Security Bulletins > ESB-2014.1861 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1861
      Cisco TelePresence MCU Software Memory Exhaustion Vulnerability
                              16 October 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence MCU Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3397  

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco TelePresence MCU Software Memory Exhaustion Vulnerability

Advisory ID: cisco-sa-20141015-mcu

Revision 1.0

For Public Release 2014 October 15 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the network stack of Cisco TelePresence MCU Software could allow an unauthenticated, remote attacker to cause the exhaustion of available memory which could lead to system instability and a reload of the affected system.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVD6PuopI1I6i1Mx3AQIoTA/8CLL2URdaLZq8admPaFm/i4tVWu890ZSr
IhV68RhjbDUQMAhRb8XldfizlYiQSkZqh5tVw8u2r4ksHftnBsuTxyfVBA/+d+XK
6/Pfr15JlzhfoJgG5hD4KAvpyS+VGoM3ST2Z0iRykDk6+/T8hDLItzmrivyNPQ3K
PQw82YMArGL1TTcdTjmUHm9F7Kqg2wzR+F0K5swv/Z+P+rflBATszNcltpfEd7kt
AmIquiUyg9c0n9z27zNDJzqjHvIcuwVB0NcneH9X2tRW0V3x5ske71TTVqdSSlau
UPLESYUnNewXUpfylCvnvC5LQOCwrG5871kfgdOEYLyrqtk2iL9/xRUkzCeHvGj/
O9QmG2HoCvStvABQVdChgEFE349eGNuZ5Rm/TiqBUtAl1o1cND+q9NsCprGAYxLl
7ZkyzlQ8tpbmIbkb0ehv5Mc8lZaeE0Pnfg2KuPVIcfhpmK2LyIErPU1TdU0pTe9f
O4P5HoOVD5DyfUvCueTr9+Fa/uJKcZP8XCgBTPB5EHHU4H992/lQJ3lejgbYlHlS
YaNy7+ccaXREgtly29TFwJ8guMDYTiVKPtzcuyveGfIKkP9/kxtoPVWzRpE7Gq52
LafhNCMXZ1rSGUPf348n3OqsYI8EsvHWFwMvfWZ8hs1KktIrn2+pPZNAgLpl/sCJ
BqwBif7+3sk=
=nJrb
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVD85RhLndAQH1ShLAQKM1Q/+Nt1GuzdNAmZYWvDVeE4KLejdaanuQ/i1
7saWS8CbDCCXGrsacKaNBnhjenEozF9BT+bs62dCluguZGX8/8gssNQr/0xODkeq
et6egZWO8MTfomWRz1fs/EMS9OXea47RhwDOuES1hOJX5CpokhURklnPg6qKbzp/
PM8zam+9iFmu+cZzsH5rTJZH3RqvTfO3S/qk4UF0Bnq5h6YknAz5rhNmxncmO3uJ
Tnvz8YwwhmYpSJcWwAeypKyEQog3C/jYGFJSaJqJ65HIR00TikgQtAjGRqHVCQMd
fKQwNqzGbgUog03GwXOjJcT7K2+iiPJmGnJqzdJykYBEpvx0Y7ruhvCyWu3E5qKK
yL9sD+whvIfnAO8cqhIOt5gF4Fgo/9WgY7JJ2jabIaVyS5kqiTuth3pEiStcYCbj
z7UGDGCBlLzpG3igtkKvYgtDeO3lEgQ9GHMvJFTqwaw2W2mQjKKuQ39S9sU6r2oe
8KmaH2BrrGU0BCC6lJUen2X3xxD26XuTWGJp306r7ohp/hb8Lm7Bj6tq48B27puz
91Ah5kKXlJp5projgVs/piUyU4rEU/Hb+Fsds6hVCoZ3DFvEwBx1Bsz8eA8CZVWg
wGQS2UDIBUoyYLrobIA2PLd82rY+Be4kxZOJebdM7AWqychSr7KXw0eldDl1i9nl
A6YhZIyJySI=
=yoNa
-----END PGP SIGNATURE-----