===================================================================== CERT-Renater Note d'Information No. 2015/VULN011 _____________________________________________________________________ DATE : 12/03/2015 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Cisco TelePresence Video Communication Server, Cisco Expressway, Cisco TelePresence Conductor. ====================================================================== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs ______________________________________________________________________ Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server, Cisco Expressway and Cisco TelePresence Conductor Advisory ID: cisco-sa-20150311-vcs Revision 1.0 For Public Release 2015 March 11 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities: * SDP Media Description Denial of Service Vulnerability * Authentication Bypass Vulnerability Successful exploitation of the SDP Media Description Denial of Service Vulnerability may cause the affected system to reload. Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to bypass authentication and log in to the system with the privileges of an administrator. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================