Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.0583.2
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server,
Cisco Expressway and Cisco TelePresence Conductor
12 March 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Cisco TelePresence Video Communication Server (VCS)
Cisco Expressway
Cisco TelePresence Conductor
Publisher: Cisco Systems
Operating System: Cisco
Impact/Access: Administrator Compromise -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2015-0653 CVE-2015-0652
Original Bulletin:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
Revision History: March 12 2015: Added CVEs for vulnerabilities
March 12 2015: Initial Release
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor
Advisory ID: cisco-sa-20150311-vcs
Revision 1.0
For Public Release 2015 March 11 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities:
* SDP Media Description Denial of Service Vulnerability
* Authentication Bypass Vulnerability
Successful exploitation of the SDP Media Description Denial of Service Vulnerability may cause the affected system to reload.
Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to bypass authentication and log in to the system with the privileges of an administrator.
Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - https://gpgtools.org
iQIcBAEBCgAGBQJVAF7aAAoJEIpI1I6i1Mx3S10QAJhIupf/Gj2IJHMjYSd6JXH5
LvkDmwfuphrOHSVw2+OnWlFVK37qHg6JYQl12Wv7DQ8novToZrSJtn++KkjrwrE1
Tq9E5pAU36SBQhVlVGIPqGqQWVny3QxkddEaXPZoVdhTukyYV+enlM11FmfbER9k
eFiBFcsBtDE9pF3owTqoavw5KoyQYq3uVpMnHuP1k4ite5tBmrrMa8xYxv/t0TMb
CYzXbiIZ1C1coJbQuJP48Oj7ogmV9nqFXB+kdN+9GLlN5pLMzng2Ww5zdTOtfh3X
wY5U5lQL3BOF5eJUU8XBBnho0JnaIkphLbZqkCCEgD5xYbtF2PWPpUDn7MYk0PyA
FiMVbjyQKuTynTPtPYf0cKE/YlbaJbgYiJDqqyyf2cwD8LGPpUZ//NbYtCceROR9
fCAsBLeFKqZHHGc5d0ZdZhEytMeG4T262S3qAPba0RLRMGeKFq+lNLLI5pqZe1ON
7QSHBBmazwun1jsBA8bi+ZmYfOlt5hm3WSVs03JC231miZZCYUUpYLULgwwxkEq2
3MsHftzaWez70y/JY1JAFT6cQGgBn/XKwVtzFDZA/TXpPBnyoP05U1aK/HACYW30
XDa+oPiCgLsqB4zBlE8LCGxaULkrwEdyeEtXz3EnJDiPZPXPANElQ4syyxjBoYvX
b/06KvYeUJ2Ho8WK140j
=XBC5
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVQDS/xLndAQH1ShLAQJFLBAAtj4aOiHe6LgoU2RqdELs8xsQYnrrO650
6aGhj03gF6KVyWOfegwruXxpvojoklWrLU7T8v1AM8p+WUp2ph3ZhE18FjGF8acL
8BDg4uJOPgoI+/5DolBKprk+zxKexQ2Wc+lxLFdA1u0vso6YerXDXFF2EkEQgMdX
Imz8ITSvL+X4nidONU6BH975cuXmFLyDFpAxXLNjgfgzwcIKW7pMHXshZMbPNqNu
uZMJPCsMdlK8OeLRjC28XhZRGBTgw7r1ywB+qEhzIld3+Pd712S3mOeGUjom1Hcg
iKqHyv0oGnsFpJAltupfAGrf53z70rUMZE+8YE1YeMc5TcHc9ztT8hKDXXOR47IK
x+E27SNtIC9bawLvjUGW+UeQ3oiHbQZ8IdSrXC3CyZR7DLr2DHuUrmMVlAVgrpqQ
iJf2uQhXG6XlJgYf0yGBxWoAMMRWxm0ZEldFkTqw/cXLj2euXoRLEMsjO/yaTL6R
/CiFmYpvUNxSlEbR7PdlYDENg3/SM8L2wk8ozdBSRrNnHFOAoHUVQvXurbQhzNEU
lJk1aR7jlAyxl57hDFc2Jk+g78YLKRj8p6Nf0hyWpYA4yPqZC2TLIOH2gyxFsjhR
M5JlSv86I5EaqOKAiA3j3notGO7U9fDAo1ICl75s3z9aQ1utv51/XttBjKs8MKTk
ba9prqCcvqk=
=GlIE
-----END PGP SIGNATURE-----