Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

Related Vulnerabilities: CVE-2014-3368   CVE-2014-3369   CVE-2014-3370  

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities: Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability Succesfull exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs Note: This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Source

Summary

  • Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities:
    • Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
    • Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
    • Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability
    Succesfull exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition.

    Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
    http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

    Note: This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Affected Products

  • Vulnerable Products

    These vulnerabilities apply to the following products running an affected version of software:
    • Cisco TelePresence VCS Control
    • Cisco TelePresence VCS Expressway
    • Cisco TelePresence VCS Starter Pack Expressway
    • Cisco Expressway Core
    • Cisco Expressway Edge
    Cisco TelePresence VCS and Cisco Expressway hardware and virtual appliances are both affected by these vulnerabilities.

    The Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability and Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability affect Cisco TelePresence VCS or Cisco Expressway in default configuration.

    The Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability affects the Cisco TelePresence VCS or Cisco Expressway if IX filter is configured. To determine whether the IX filter is configured, use the xconfig zone zone command and verify that xConfiguration Zones Zone 2 Neighbor SIP UDP IX Filter Mode parameter is set to On. The following example shows a Cisco TelePresence VCS or Cisco Expressway with the IX filter enabled:

    [...]
    *c xConfiguration Zones Zone 2 Neighbor SIP SearchAutoResponse: "Off"
    *c xConfiguration Zones Zone 2 Neighbor SIP TLS Verify Mode: "Off"
    *c xConfiguration Zones Zone 2 Neighbor SIP Transport: "TCP"
    *c xConfiguration Zones Zone 2 Neighbor SIP UDP BFCP Filter Mode: "Off"
    *c xConfiguration Zones Zone 2 Neighbor SIP UDP IX Filter Mode: "On"
    *c xConfiguration Zones Zone 2 Neighbor SIP UPDATE Strip Mode: "Off"
    *c xConfiguration Zones Zone 2 Neighbor SignalingRouting Mode: "Auto"
    *c xConfiguration Zones Zone 2 Neighbor ZoneProfile: "CiscoUnifiedCommunicationsManagerBFCP"
    [...]

    Products Confirmed Not Vulnerable

    No other Cisco products are currently known to be affected by these vulnerabilities.

Details

  • Cisco TelePresence VCS extends the benefits of face-to-face video collaboration across networks and organizations by supporting any-to-any video and telepresence communications. Cisco Expressway is designed specifically for comprehensive collaboration services provided through Cisco Unified Communications Manager, Cisco Business Edition, or Cisco Hosted Collaboration Solution. It features established firewall-traversal technology and helps redefine traditional enterprise collaboration boundaries.

    Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability

    A vulnerability in the packets processing function could allow an unauthenticated, remote attacker to cause a kernel crash and the reload of the affected system.

    The vulnerability is due to insufficient sanitization of crafted packets when processed by the system. An attacker could exploit this vulnerability by sending crafted IP packets to the affected system at a high rate.

    This vulnerability is documented in Cisco bug ID CSCui06507 (registered customers only) and has been assigned Common Vulnerability and Exposures (CVE) ID CVE-2014-3368

    Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability

    A vulnerability in the Session Initiation Protocol (SIP) IX Channel feature code could allow an unauthenticated, remote attacker to cause the reload of the affected system.
    The vulnerability is due to improper handling of crafted Session Description Protocol (SDP) packets when the IX filter is configured. An attacker could exploit this vulnerability by sending crafted SDP packets to the affected system.


    This vulnerability is documented in Cisco bug ID CSCuo42252 (registered customers only) and has been assigned CVE ID CVE-2014-3369

    Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability

    A vulnerability in Session Initiation Protocol (SIP) module could allow an unauthenticated, remote attacker to cause the reload of the affected system.

    The vulnerability is due to improper handling of crafted SIP packets. An attacker could exploit this vulnerability by sending crafted SIP packets to the affected system

    This vulnerability is documented in Cisco bug ID CSCum60447 (registered customers only) and CSCum60442 (registered customers only) and has been assigned CVE ID CVE-2014-3370

Workarounds

  • There are no workarounds for these vulnerabilities.

Fixed Software

  • When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

    In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

    The following table summarizes the first fixed release for each vulnerability in both Cisco TelePresence VCS and Cisco Expressway software. The Recommended Release row gives information on the recommended release that resolves all the vulnerabilities in this security advisory.


    First Fixed Release
    Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
    		 X8.2 and later
    Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
    		 X8.1.1 and later
    Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability
    		 X8.1.1 and later
    Recommended Release
         		X8.2 and later

    Note: This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock). Customer should refer to the Cisco Security Advisory at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash before making decisions about the Cisco TelePresence VCS or Cisco Expressway software version.

Exploitation and Public Announcements

  • The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.

    These vulnerabilities were found during internal tests.

Cisco Security Vulnerability Policy

  • To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Action Links for This Advisory

Related to This Advisory

URL

Revision History

  • Revision 1.0 2014-October-15 Initial public release

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started