==================================================================== CERT-Renater Note d'Information No. 2016/VULN148 _____________________________________________________________________ DATE : 06/04/2016 HARDWARE PLATFORM(S): Cisco TelePresence Server devices. OPERATING SYSTEM(S): Cisco TelePresence Server sofware versions 3, 4. ====================================================================== http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2 _____________________________________________________________________ Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability Advisory ID: cisco-sa-20160406-cts Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +--------------------------------------------------------------------------------------- Summary ======= A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts _____________________________________________________________________ Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability Advisory ID: cisco-sa-20160406-cts1 Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +--------------------------------------------------------------------------------------- Summary ======= A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29) through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by sending multiple URL requests to an affected device. The requests will eventually time out because negotiation from the client does not occur; however, each request consumes additional memory, resulting in memory exhaustion that causes the device to crash. If successful, the attacker could utilize all available memory resources, causing the device to reload. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1 _____________________________________________________________________ Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability Advisory ID: cisco-sa-20160406-cts2 Revision 1.0 For Public Release 2016 April 6 16:00 UTC (GMT) +--------------------------------------------------------------------------------------- Summary ======= A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device. The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability by submitting malformed STUN packets to the device. If successful, the attacker could force the device to reload and drop all calls in the process. Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2 ========================================================== Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================== + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: cert@support.renater.fr + ==========================================================