====================================================================

                                  CERT-Renater

                      Note d'Information No. 2017/VULN023
_____________________________________________________________________

DATE                : 26/01/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Cisco Expressway Series software,
            Cisco TelePresence Video Communication Server (VCS) software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway
____________________________________________________________________

Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS
Denial of Service Vulnerability

Advisory ID: cisco-sa-20170125-expressway

Revision 1.0

For Public Release 2017 January 25 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the received packet parser of Cisco Expressway
Series and Cisco TelePresence Video Communication Server (VCS) software
could allow an unauthenticated, remote attacker to cause a reload of
the affected system, resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient size validation of
user-supplied data. An attacker could exploit this vulnerability by
sending crafted H.224 data in Real-Time Transport Protocol (RTP)
packets in an H.323 call. An exploit could allow the attacker to
overflow a buffer in a cache that belongs to the received packet
parser, which will result in a crash of the application, resulting in
a DoS condition.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================