Cisco TelePresence ICMP Denial of Service Vulnerability

Summary

• A vulnerability in the ICMP ingress packet processing of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an unauthenticated, remote attacker to cause the TelePresence endpoint to reload unexpectedly, resulting in a denial of service (DoS) condition.
  
  The vulnerability is due to incomplete input validation for the size of a received ICMP packet. An attacker could exploit this vulnerability by sending a crafted ICMP packet to the local IP address of the targeted endpoint. A successful exploit could allow the attacker to cause a DoS of the TelePresence endpoint, during which time calls could be dropped. This vulnerability would affect either IPv4 or IPv6 ICMP traffic.
  
  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
  
  This advisory is available at the following link:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp

Affected Products

• Vulnerable Products

  This vulnerability affects the following Cisco TelePresence products when running software release CE8.1.1, CE8.2.0, CE8.2.1, CE8.2.2, CE 8.3.0, or CE8.3.1.

  • Spark Room OS
  • TelePresence DX Series
  • TelePresence MX Series
  • TelePresence SX Quick Set Series
  • TelePresence SX Series

  Determining the Cisco TelePresence Software Release
  
  To determine which Cisco TelePresence software release is running on a Cisco product, administrators can check the system information on the local touch-control device or on-screen via the infrared (IR) remote controller.
  
  Administrators can also determine which software release is running by logging in to the web interface and using the http(s):// access URL or via the external API (xAPI) with the SSH protocol, using the ssh admin@ command. After logging in to the web interface, the welcome text displays information about the software release that is running on the device.
  
  For example, the following welcome text appears for a Cisco TelePresence Magnus SX80 codec that is running software release CE 8.2.0:
  

  Welcome to Magnus SX80
  Cisco Codec Release ce 8.2.0 PreAlpha1 c6612ca 2016-04-25
  SW Release Date: 2016-04-25 14:58:45, matchbox

  Products Confirmed Not Vulnerable

  No other Cisco products are currently known to be affected by this vulnerability.
  
  Cisco has confirmed that this vulnerability does not affect the following Cisco products:
  

  • TelePresence EX Series
  • TelePresence Integrator C Series
  • TelePresence Profile Series
  • TelePresence VX Clinical Assistant
  • TelePresence VX Tactical
  • TelePresence IX5000 Series
  • TelePresence System 500 Series
  • TelePresence System 3000 Series
  • TelePresence System T Series
  • TelePresence Codec (TC) software
  • TelePresence TX Series

Workarounds

• There are no workarounds that address this vulnerability.

Fixed Software

• Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license: http://www.cisco.com/en/US/docs/general/warranty/English/EU1KEN_.html

  Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

  When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

  In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

  Customers Without Service Contracts

  Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: http://www.cisco.com/en/US/support/tsd_cisco_worldwide_contacts.html

  Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

  Fixed Releases

  This vulnerability is fixed in Cisco TelePresence Collaboration Endpoint (CE) Software release 8.3.2 or later. The Cisco TelePresence software can be downloaded from the Download Software site by navigating to Products > Video > Cisco TelePresence.
  
  Note: The Spark Room OS software upgrade is controlled by Cisco, and customer endpoints will be updated in the cloud.

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

• This vulnerability was found during resolution of a Cisco TAC support case.

URL

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170503-ctp

Revision History

• Version	Description	Section	Status	Date
  1.1	Update the Vulnerable Products list.	Vulnerable Products	Final	2017-May-04
  1.0	Initial public release.	-	Final	2017-May-03

  Show Less