—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco TelePresence Endpoint Denial of Service Vulnerability

Advisory ID: cisco-sa-20170607-tele

Revision: 1.0

For Public Release: 2017 June 7 16:00 GMT

Last Updated: 2017 June 7 16:00 GMT

CVE ID(s): CVE-2017-6648

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+———————————————————————

Summary
=======
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause a TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition.

The vulnerability is due to a lack of flow-control mechanisms within the software. An attacker could exploit this vulnerability by sending a flood of SIP INVITE packets to the affected device. An exploit could allow the attacker to impact the availability of services and data of the device, including a complete DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele”]

—–BEGIN PGP SIGNATURE—–

iQKBBAEBAgBrBQJZOCScZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHnj9A//d+idm+Llo+lnjcs+
JwwyDRo22IegMlrN9dSDWVo5Gml+dwC9crecd2qJ4rwhsdLvCo1TEPUC/HfHSEfY
l0yU0lL3yBZOx1cukIO4w/Y55MVGZThsm5ZXRgTW0tUcXN5OMvGZDPJaHFkIWB24
S6wMW2PPUY4Bxb3N0Ql3z8lBDyi1Z4s7agl2TROytL60JMibKNpKqLOAYKJldRUg
igzkuqPD6s/v+94AyOj9c7+ZQO9dh8dERT2yqOQ4WBh3SgNtJvWbbQ/fHs0Oyrr+
eycSUXZ3tL8AttRakYHiplW7sjp97H2GrDB/UCWkQJ4FNd25JZMLBDPuijHMiZo4
6JsHwLVWJkX0MD6WrFrb3jDRjYxiAKNzl9mZvYv8GqPWQ78plSJ/ORPeC6K28wPP
mMqAF/XdDHFBRxdtRfudFC5g40keDbBJP68TBEE6Sr3FJe1sRyOo25D5ATUhP1Hv
SXgkOr1rlerI6ddKagW3ik+OXXWX8goXGtn3zTtXWabuq+ng0qJtYaVvT9XzH/aX
OQrkuYBCpSWmnd7TQpmQolknL7Vp6adVaE4gUiAeI5e0P9qlB0xIDZyExyvZ+Vyy
H5naUXMP5Or6v6HhBSJ9O8xWAK+Y/hf7Yw1gOSyL2DDbBak+CKcUWgxCY28ELoBb
Y2mtfB1LnDwKNAzDh+Uld5o3ts8=
=oCEA
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com