You are here
Home > Preporuke > Sigurnosni nedostatak Cisco TelePresence Server uređaja

Sigurnosni nedostatak Cisco TelePresence Server uređaja

by ncert - 0
  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: CIS

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service
Vulnerability

Advisory ID: cisco-sa-20160406-cts2

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+—————————————————————————————

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could
allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session
Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability
by submitting malformed STUN packets to the device. If successful, the attacker could
force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that
address this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-
cts2

—–BEGIN PGP SIGNATURE—–
Comment: GPGTools – http://gpgtools.org

iQIcBAEBCgAGBQJXBSEeAAoJEK89gD3EAJB52JIQAMfj1NBNDPnO5Aaxt7q/WF09
RN1RVX2VCbk48UX7OyvVZ1ipj5aLoi9S3mV0k7AL+VsYpdW5XaLEbAqCV7vTmM8o
1FfPVVeWdnFd2JTfBOP7lHwJ1Q1p9IarlCAnIUIpPfJ28V+XKGpgsI1gioZo+6Gy
oe1dXmbiBXOYyNyZSzWkS13ydZjN9lFWHoN17A7vslHaD1mbkoj7qSL0gzmpk8+p
FDycKFIVDqKU2IfmFdVbDNDKUvuFmTSgdOx0cB2BgHuM+K6ftR1T26/cQbynFus4
jUbKQZ47019Cdn1YCePExn+ojaiypvI/a4JGRstiVtilsm3ulw04GiTRUgKVp2mG
J04CEAYnxcIqjZZJfwTP6AAOW7QjsSMDXvq8PLR8xZYgRqTlD52I5sdQCl41gpv7
v1EsQKiOXVhV+79pJrq1IDYWB7FDkMAV9WDoYTJCg9+ijPbkN2HCtC3EOvXCC58e
CDHlybCYQDbp+xX3oZDTx5j63fLNeybxdYP5poBOLzlWgxClfX/6DcaQ11yCCTsW
Mjjp8WBvtWQGDIX4KvUbUxijGhn2aV7bw4yFcdj0Gd5P+hU6VEQOmY7D/IoG6uu4
7nlYu0U8nCadZIW22KL55hMwUSsZOOZPEFnOTAfQuNOY2O2+PUWQO/quSUJXG5Jw
wYBRpLBK7sHzPl9RzBPx
=UEZB
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com

AutorMarijo Plepelic
Cert idNCERT-REF-2016-04-0017-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
ncert
Top
More in Preporuke
Ranjivosti programskog paketa rubygem-actionview-3_2

Otkrivene su ranjivosti u komponentama Action View i Action Pack unutar programskog paketa rubygem-actionview-4_1 za nekoliko SUSE proizvoda. Potencijalni udaljeni...

Close