[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service 
Vulnerability

Advisory ID:  cisco-sa-20160406-cts2

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+---------------------------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could 
allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session 
Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability 
by submitting malformed STUN packets to the device. If successful, the attacker could 
force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that 
address this vulnerability are not available.

This advisory is available at the following link: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-
cts2

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJXBSEeAAoJEK89gD3EAJB52JIQAMfj1NBNDPnO5Aaxt7q/WF09
RN1RVX2VCbk48UX7OyvVZ1ipj5aLoi9S3mV0k7AL+VsYpdW5XaLEbAqCV7vTmM8o
1FfPVVeWdnFd2JTfBOP7lHwJ1Q1p9IarlCAnIUIpPfJ28V+XKGpgsI1gioZo+6Gy
oe1dXmbiBXOYyNyZSzWkS13ydZjN9lFWHoN17A7vslHaD1mbkoj7qSL0gzmpk8+p
FDycKFIVDqKU2IfmFdVbDNDKUvuFmTSgdOx0cB2BgHuM+K6ftR1T26/cQbynFus4
jUbKQZ47019Cdn1YCePExn+ojaiypvI/a4JGRstiVtilsm3ulw04GiTRUgKVp2mG
J04CEAYnxcIqjZZJfwTP6AAOW7QjsSMDXvq8PLR8xZYgRqTlD52I5sdQCl41gpv7
v1EsQKiOXVhV+79pJrq1IDYWB7FDkMAV9WDoYTJCg9+ijPbkN2HCtC3EOvXCC58e
CDHlybCYQDbp+xX3oZDTx5j63fLNeybxdYP5poBOLzlWgxClfX/6DcaQ11yCCTsW
Mjjp8WBvtWQGDIX4KvUbUxijGhn2aV7bw4yFcdj0Gd5P+hU6VEQOmY7D/IoG6uu4
7nlYu0U8nCadZIW22KL55hMwUSsZOOZPEFnOTAfQuNOY2O2+PUWQO/quSUJXG5Jw
wYBRpLBK7sHzPl9RzBPx
=UEZB
-----END PGP SIGNATURE-----