Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of Service Vulnerability
- From: Cisco Systems Product Security Incident Response Team <psirt@xxxxxxxxx>
- Date: Wed, 25 Jan 2017 11:34:06 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Cisco Security Advisory: Cisco Expressway Series and TelePresence VCS Denial of
Service Vulnerability
Advisory ID: cisco-sa-20170125-expressway
Revision 1.0
For Public Release 2017 January 25 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A vulnerability in the received packet parser of Cisco Expressway Series and
Cisco TelePresence Video Communication Server (VCS) software could allow an
unauthenticated, remote attacker to cause a reload of the affected system,
resulting in a denial of service (DoS) condition.

The vulnerability is due to insufficient size validation of user-supplied data.
An attacker could exploit this vulnerability by sending crafted H.224 data in
Real-Time Transport Protocol (RTP) packets in an H.323 call. An exploit could
allow the attacker to overflow a buffer in a cache that belongs to the received
packet parser, which will result in a crash of the application, resulting in a
DoS condition.

Cisco has released software updates that address this vulnerability. There are
no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170125-expressway
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
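
The advisory attributes the crash to insufficient size validation of data carried in RTP packets before it is written to a parser cache. The C sketch below is an added example, not Cisco's code and not part of the advisory: it shows what such validation looks like for a generic RTP receiver, checking every length field of the RFC 3550 header against the bytes actually received, then checking the payload against the space left in the cache. The cache structure, its 256-byte capacity and the function names are assumptions, and the H.224 payload is treated as opaque bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CACHE_SIZE 256            /* assumed capacity, not from the advisory */

struct pkt_cache {                /* hypothetical reassembly cache */
    uint8_t data[CACHE_SIZE];
    size_t  used;                 /* invariant: used <= CACHE_SIZE */
};

/* Locate the RTP payload (RFC 3550 fixed header, CSRC list, extension,
 * padding). Returns 0 and sets *off / *plen, or -1 if any length field
 * is inconsistent with the number of bytes actually received. */
int rtp_payload(const uint8_t *p, size_t n, size_t *off, size_t *plen)
{
    if (n < 12 || (p[0] >> 6) != 2)          /* fixed header, version 2 */
        return -1;
    size_t o = 12 + 4u * (p[0] & 0x0f);      /* skip CSRC identifiers */
    if (o > n)
        return -1;
    if (p[0] & 0x10) {                       /* header extension present */
        if (n - o < 4)
            return -1;
        size_t ext = 4 + 4u * (((size_t)p[o + 2] << 8) | p[o + 3]);
        if (ext > n - o)
            return -1;
        o += ext;
    }
    size_t end = n;
    if (p[0] & 0x20) {                       /* padding: last byte is count */
        size_t pad = p[n - 1];
        if (pad == 0 || pad > n - o)
            return -1;
        end -= pad;
    }
    *off = o;
    *plen = end - o;
    return 0;
}

/* Append payload bytes to the cache only if they fit in the space left. */
int cache_append(struct pkt_cache *c, const uint8_t *payload, size_t len)
{
    if (len > sizeof c->data - c->used)      /* the size validation */
        return -1;
    memcpy(c->data + c->used, payload, len);
    c->used += len;
    return 0;
}
```

A receiver would call `rtp_payload` on each datagram and pass only the returned offset and length to `cache_append`, dropping the packet when either function returns -1.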