====================================================================

                              CERT-Renater

                 Note d'Information No. 2017/VULN174
_____________________________________________________________________

DATE                : 08/06/2017

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S):  Systems running Cisco TelePresence Endpoint
                                          software.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele
____________________________________________________________________

Cisco Security Advisory: Cisco TelePresence Endpoint Denial of Service
Vulnerability

Advisory ID: cisco-sa-20170607-tele

Revision: 1.0

For Public Release: 2017 June 7 16:00 GMT

Last Updated: 2017 June 7 16:00 GMT

CVE ID(s): CVE-2017-6648

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the Session Initiation Protocol (SIP) of the Cisco
TelePresence Codec (TC) and Collaboration Endpoint (CE) Software could
allow an unauthenticated, remote attacker to cause a TelePresence
endpoint to reload unexpectedly, resulting in a denial of service (DoS)
condition.

The vulnerability is due to a lack of flow-control mechanisms within
the software. An attacker could exploit this vulnerability by sending a
flood of SIP INVITE packets to the affected device. An exploit could
allow the attacker to impact the availability of services and data of
the device, including a complete DoS condition.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele
["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-tele"]

==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================