[c-nsp] Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability
Cisco Systems Product Security Incident Response Team
psirt at cisco.com
Wed Apr 6 12:08:31 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service
Vulnerability
Advisory ID: cisco-sa-20160406-cts2
Revision 1.0
For Public Release 2016 April 6 16:00 UTC (GMT)
+---------------------------------------------------------------------------------------
Summary
=======
A vulnerability in Cisco TelePresence Server devices running software version 3.1 could
allow an unauthenticated, remote attacker to reload the device.
The vulnerability exists due to a failure to properly process malformed Session
Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability
by submitting malformed STUN packets to the device. If successful, the attacker could
force the device to reload and drop all calls in the process.
Cisco has released software updates that address this vulnerability. Workarounds that
address this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-
cts2
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCgAGBQJXBSEeAAoJEK89gD3EAJB52JIQAMfj1NBNDPnO5Aaxt7q/WF09
RN1RVX2VCbk48UX7OyvVZ1ipj5aLoi9S3mV0k7AL+VsYpdW5XaLEbAqCV7vTmM8o
1FfPVVeWdnFd2JTfBOP7lHwJ1Q1p9IarlCAnIUIpPfJ28V+XKGpgsI1gioZo+6Gy
oe1dXmbiBXOYyNyZSzWkS13ydZjN9lFWHoN17A7vslHaD1mbkoj7qSL0gzmpk8+p
FDycKFIVDqKU2IfmFdVbDNDKUvuFmTSgdOx0cB2BgHuM+K6ftR1T26/cQbynFus4
jUbKQZ47019Cdn1YCePExn+ojaiypvI/a4JGRstiVtilsm3ulw04GiTRUgKVp2mG
J04CEAYnxcIqjZZJfwTP6AAOW7QjsSMDXvq8PLR8xZYgRqTlD52I5sdQCl41gpv7
v1EsQKiOXVhV+79pJrq1IDYWB7FDkMAV9WDoYTJCg9+ijPbkN2HCtC3EOvXCC58e
CDHlybCYQDbp+xX3oZDTx5j63fLNeybxdYP5poBOLzlWgxClfX/6DcaQ11yCCTsW
Mjjp8WBvtWQGDIX4KvUbUxijGhn2aV7bw4yFcdj0Gd5P+hU6VEQOmY7D/IoG6uu4
7nlYu0U8nCadZIW22KL55hMwUSsZOOZPEFnOTAfQuNOY2O2+PUWQO/quSUJXG5Jw
wYBRpLBK7sHzPl9RzBPx
=UEZB
-----END PGP SIGNATURE-----
More information about the cisco-nsp
mailing list