—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1
Cisco Security Advisory: Cisco TelePresence Multipoint Control Unit Remote Code Execution Vulnerability
Advisory ID: cisco-sa-20170125-telepresence
Revision 1.0
For Public Release 2017 January 25 16:00 UTC (GMT)
+———————————————————————
Summary
=======
A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.
The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system.
Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.
This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-telepresence
—–BEGIN PGP SIGNATURE—–
iQIVAwUBWIeDdK89gD3EAJB5AQI79RAAplmPBpkFRYb4q6MDIh+/vve0iCnqG3wr
9jBWnzBazufUTII3085vH9snHmZjw2ffliVNv6DsWVXeouuxKgKHMi63dHoLmOTc
wvfAGCY8Ag9ML9or0ksOgeKcSq4qgmVqZDN163CvFtG/bq2W1yNqSOeNT2ay00SA
Xe0mP/lzqzgI0V7kw8Z3JmGq01sOOgTNV/RV3f5ZQOG3JpXQUuto8YfDwug3F1sl
JnNloBK2DNi5c6PzopqH2nYgWmOokv2VsSZchV7dZHHuwpL4yif3BY3p6SnZm6bc
ijTI2RhAfGf8NMMkGGoj/qYWn0JgzUEJ0sjPnpEmk2wo7YrdiABussvQ7HhHjaIB
3ayzYMoPI5RfMXiBgFgz5Y0YSJPj/WUNEMc2P7uzWTXq9WHEI26Mpp9Abc5w/lYC
e73xzbLwpEqCMwhNtjPCXZizG7bkOUeNWQCZv7SzRPB2vFpHUOGqUlpjHN5hygfk
576+N1nFcDcck6lpYGjuEcvbHQ+uJtQgGNcxm/8HHtApG44OFrN2lfy3nRolt9ib
hngttXqZjvW8Z1TAwQmohzaio46lNlLpBbHj2lsT0WeluP6YTbGW3hybHqnDDui6
Nr6hmdyGkCay9zIvPwRsisDUOltu2x3RU/cAPFvqk3//fkyrCQ5b9/6o/qh+MKZN
SLjZF80kyW8=
=bl4y
—–END PGP SIGNATURE—–
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com