[c-nsp] Cisco Security Advisory: Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Apr 6 12:07:14 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability
Advisory ID: cisco-sa-20160406-cts
Revision 1.0
For Public Release 2016 April 6 16:00 UTC (GMT)
+---------------------------------------------------------------------------------------
Summary
=======
A vulnerability in Cisco TelePresence Server devices running software versions 3.0
through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel
panic on the device.
The vulnerability exists due to a failure to properly handle a specially crafted stream
of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic,
rebooting the device.
Cisco has released software updates that address this vulnerability. Workarounds that
mitigate this vulnerability are available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJXBSERAAoJEK89gD3EAJB5644P/An6qNBuF8NJbf3YmheKoOnZ
qdWYOg89Cy/lvHXTiGshZvcahV+T4pwLKVsn40hl3H1Gfp8sOr9b2KIR8MC11jas
tSZ2BZUTALhUGJ7l/3DDY2pPajpRkvMlo6BTOKhewpcKxSb5KtXn0QKsQXO/0ipz
a0XlrwSZAMsyWQ9/KE3TR9LoQGZ0yPEBUJFZCP5WsMosiFGQGMp7WVO7y6G0L9J/
9LM9qZHpbi8m01wIrRigJMj7kX/6eFOdFveAUHwBcrThknd7WiaWiK0EdzvYr3bN
FbrMub1GFIZp04SaW34r+qK/Rm9P1Bku/+T38nxvAESraKG9Dumj47h3krU476UQ
oSxLvacQNnaNBs9kuBFckYLYV7RneQ1u+oZq0LAZaZ6+tWdmC0Y6abrsJk3dupnl
k2bX/F3UH8B5h6L9PJROcofuRtmmhOWRklK/kShlheZt/Vf8Wig/yHawRC5on1Iw
QvKOWY7510U2pj4OhG2YyZgX1dmJ0neDTul6hJ39uSOBUBm7LYYy8efvqRB3S1te
QaodRiaQU8CdbVRDTt5N+5qFoKQ70Ii+2HHX3h+WkMl6oVEpZ32rmn5QvbZ8pS5Y
Flnli00aDIVDrxXInqiMLAig4yKKxT12uMH8lX9Ta3tyXSD3PG9QwYXbue1exwwo
uwizbTaFsnwb9H5vyNUG
=9XH/
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list