AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C
-
Cisco TelePresence Recording Server contains the following vulnerabilities:
- Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
- Cisco TelePresence Web Interface Command Injection
- Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released updated software that resolves the command and code execution vulnerabilities. There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported.
There are no workarounds that mitigate these vulnerabilities.
Customers should contact their Cisco Sales Representative to determine the Business Unit responsible for their Cisco TelePresence Recording Server.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
-
Vulnerable Products
Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System may be affected by the vulnerabilities described in this security advisory. The following tables contain specific information for each vulnerability.
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
Product                                        Affected
Cisco TelePresence Manager                     Yes
Cisco TelePresence Recording Server            Yes
Cisco TelePresence Multipoint Switch           Yes
Cisco TelePresence Immersive Endpoint System   No
Cisco TelePresence Web Interface Command Injection
Product                                        Affected
Cisco TelePresence Manager                     No
Cisco TelePresence Recording Server            Yes
Cisco TelePresence Multipoint Switch           No
Cisco TelePresence Immersive Endpoint System   No
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
Product                                        Affected
Cisco TelePresence Manager                     Yes
Cisco TelePresence Recording Server            Yes
Cisco TelePresence Multipoint Switch           Yes
Cisco TelePresence Immersive Endpoint System   Yes
Detailed Information about Vulnerable Products
This security advisory describes the vulnerabilities for the Cisco TelePresence Recording Server. For additional information regarding how the vulnerabilities affect other vulnerable products, refer to the specific product security advisories at the links in the table below:
Product                                        Security Advisory Publication Link
Cisco TelePresence Multipoint Switch           http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms
Cisco TelePresence Manager                     http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman
Cisco TelePresence Immersive Endpoint System   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
How to Determine the Software Version
Cisco TelePresence Recording Server devices that are running an affected version of software are affected.
To determine the current version of software that is running on the Cisco TelePresence Recording Server, establish an SSH connection to the device and issue the show version active and the show version inactive commands. The output should resemble the following example:
admin: show version active
Active Master Version: 1.7.0.0-471
Active Version Installed Software Options:
No Installed Software Options Found.

admin: show version inactive
Inactive Master Version: 1.6.0.0-342
Inactive Version Installed Software Options:
No Installed Software Options Found.
In the preceding example, the system has versions 1.6.0 and 1.7.0 loaded on the device, and version 1.7.0 is currently active. A device is affected only by vulnerabilities that are in the active software version.
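As an added example, not part of the Cisco advisory, the following Python snippet parses the show version active output shown above and compares the active version against the fixed releases this advisory lists (1.8.0 for the web interface command injection, 1.8.1 for the Cisco Discovery Protocol remote code execution, and no fix for the malformed IP packets denial of service). The CLI text is a constructed sample modelled on the advisory's example; the build suffix after the hyphen is ignored.

```python
import re

# Fixed releases as stated in this advisory's remediation tables.
# None means the advisory states that no fix is planned.
FIXED_RELEASES = {
    "CVE-2012-3073 Malformed IP Packets DoS": None,
    "CVE-2012-3076 Web Interface Command Injection": (1, 8, 0),
    "CVE-2012-2486 CDP Remote Code Execution": (1, 8, 1),
}

# Constructed sample output, modelled on the advisory's example.
SAMPLE_OUTPUT = """admin: show version active
Active Master Version: 1.7.0.0-471
Active Version Installed Software Options:
No Installed Software Options Found.
admin: show version inactive
Inactive Master Version: 1.6.0.0-342
"""


def parse_active_version(cli_output):
    """Return the active version as a tuple of ints, e.g. (1, 7, 0, 0).

    Only the active image matters: the advisory states a device is affected
    only by vulnerabilities in the active software version. The build
    suffix (e.g. -471) is not part of the comparison.
    """
    m = re.search(r"^Active Master Version:\s*([\d.]+)", cli_output, re.MULTILINE)
    if not m:
        raise ValueError("no 'Active Master Version' line found")
    return tuple(int(p) for p in m.group(1).split("."))


def assess(version):
    """Map each vulnerability to 'fixed', 'vulnerable' or 'no fix available'."""
    result = {}
    for name, fixed in FIXED_RELEASES.items():
        if fixed is None:
            result[name] = "no fix available"
            continue
        # Pad or trim the parsed version to the granularity of the fixed release.
        padded = (version + (0,) * len(fixed))[:len(fixed)]
        result[name] = "fixed" if padded >= fixed else "vulnerable"
    return result


if __name__ == "__main__":
    active = parse_active_version(SAMPLE_OUTPUT)
    for name, status in assess(active).items():
        print(f"{'.'.join(map(str, active))}: {name}: {status}")
```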
Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Cisco TelePresence Recording Server offers high quality recording capabilities.
This section gives additional information for each of the vulnerabilities affecting Cisco TelePresence Recording Server.
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
A vulnerability exists in the network stack of the operating system that could allow an unauthenticated, remote attacker to create a denial of service condition, preventing the device from responding to new connection requests and potentially leading to the crash of some of the services and processes. The vulnerability is due to improper handling of malformed IP packets and TCP connection requests or terminations sent at a high rate. An attacker could exploit this vulnerability by sending a specially crafted sequence of malformed IP packets or TCP segments at a high rate.
This vulnerability is documented in Cisco bug ID CSCti21830 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-3073.
Cisco TelePresence Web Interface Command Injection
A vulnerability exists in the administrative web interface that could allow an authenticated, remote attacker to perform a command injection attack. An attacker could leverage this issue to send malicious requests to the device that, when processed, could allow the attacker to execute arbitrary commands with elevated privileges.
This vulnerability is documented in Cisco bug ID CSCth85804 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-3076.
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
A remote code execution vulnerability in the implementation of the Cisco Discovery Protocol component could allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges. The vulnerability is due to a failure to properly handle malformed Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by passing malformed Cisco Discovery Protocol packets to an affected device. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code with elevated privileges.
Because Cisco Discovery Protocol works at the data link layer (Layer 2), an attacker must have a way to submit an Ethernet frame directly to an affected device. This action may be possible in situations where the affected system is part of a bridged network or connected to a non-partitioned device, such as a network hub.
This vulnerability is documented in Cisco bug ID CSCtz40953 (registered customers only) and has been assigned Common Vulnerabilities and Exposures (CVE) ID CVE-2012-2486.
-
There are no workarounds that mitigate these vulnerabilities.
-
This section gives details about affected releases. Cisco TelePresence Recording Server is no longer being developed, and these issues will not be fixed.
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
Version         Remediation
Prior to 1.6    No Fix
1.6             No Fix
1.7             No Fix
1.8             No Fix
Cisco TelePresence Web Interface Command Injection
Version         Remediation
Prior to 1.6    1.8.0
1.6             1.8.0
1.7             1.8.0
1.8             1.8.0
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability
Version         Release
Prior to 1.6    1.8.1
1.6             1.8.1
1.7             1.8.1
1.8             1.8.1
Recommended Releases
The following table gives information about the releases that contain the fixes for all the vulnerabilities described in this security advisory:
Version         Release
Prior to 1.6    1.8.1 or later
1.6             1.8.1 or later
1.7             1.8.1 or later
1.8             1.8.1 or later
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance provider.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
These vulnerabilities were identified during an internal security audit of the Cisco TelePresence Recording Server.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.1    2012-July-31    Fixed incorrect hyperlink.
Revision 1.0    2012-July-11    Initial public release.
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.