BugTraq
Cisco Security Advisory: Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service Vulnerability Apr 06 2016 04:08PM
Cisco Systems Product Security Incident Response Team (psirt cisco com)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Cisco TelePresence Server Malformed STUN Packet Processing Denial of Service
Vulnerability

Advisory ID: cisco-sa-20160406-cts2

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+-----------------------------------------------------------------------
----------------

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software version 3.1 could
allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session
Traversal Utilities for NAT (STUN) packets. An attacker could exploit this vulnerability
by submitting malformed STUN packets to the device. If successful, the attacker could
force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that
address this vulnerability are not available.

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
co-sa-20160406-
cts2

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - http://gpgtools.org

iQIcBAEBCgAGBQJXBSEeAAoJEK89gD3EAJB52JIQAMfj1NBNDPnO5Aaxt7q/WF09
RN1RVX2VCbk48UX7OyvVZ1ipj5aLoi9S3mV0k7AL+VsYpdW5XaLEbAqCV7vTmM8o
1FfPVVeWdnFd2JTfBOP7lHwJ1Q1p9IarlCAnIUIpPfJ28V+XKGpgsI1gioZo+6Gy
oe1dXmbiBXOYyNyZSzWkS13ydZjN9lFWHoN17A7vslHaD1mbkoj7qSL0gzmpk8+p
FDycKFIVDqKU2IfmFdVbDNDKUvuFmTSgdOx0cB2BgHuM+K6ftR1T26/cQbynFus4
jUbKQZ47019Cdn1YCePExn+ojaiypvI/a4JGRstiVtilsm3ulw04GiTRUgKVp2mG
J04CEAYnxcIqjZZJfwTP6AAOW7QjsSMDXvq8PLR8xZYgRqTlD52I5sdQCl41gpv7
v1EsQKiOXVhV+79pJrq1IDYWB7FDkMAV9WDoYTJCg9+ijPbkN2HCtC3EOvXCC58e
CDHlybCYQDbp+xX3oZDTx5j63fLNeybxdYP5poBOLzlWgxClfX/6DcaQ11yCCTsW
Mjjp8WBvtWQGDIX4KvUbUxijGhn2aV7bw4yFcdj0Gd5P+hU6VEQOmY7D/IoG6uu4
7nlYu0U8nCadZIW22KL55hMwUSsZOOZPEFnOTAfQuNOY2O2+PUWQO/quSUJXG5Jw
wYBRpLBK7sHzPl9RzBPx
=UEZB
-----END PGP SIGNATURE-----

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus