===================================================================== CERT-Renater Note d'Information No. 2014/VULN021 _____________________________________________________________________ DATE : 23/01/2014 HARDWARE PLATFORM(S): Cisco TelePresence VCS Control, Cisco TelePresence VCS Expressway, Cisco TelePresence VCS Starter Pack Expressway. OPERATING SYSTEM(S): Cisco TelePresence VCS Software version prior to X8.1. ====================================================================== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs ______________________________________________________________________ Cisco Security Advisory: Cisco TelePresence Video Communication Server SIP Denial of Service Vulnerability Advisory ID: cisco-sa-20140122-vcs Revision 1.0 For Public Release 2014 January 22 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco TelePresence Video Communication Server (VCS) contains a vulnerability that could allow an unauthenticated, remote attacker to trigger the failure of several critical processes which may cause active call to be dropped and prevent users from making new calls until the affected system is reloaded. Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-vcs ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================