ID

VAR-201207-0174

CVE

CVE-2012-3073

TITLE

Cisco TelePresence Service disruption in products (DoS) Vulnerabilities

DESCRIPTION

The IP implementation on Cisco TelePresence Multipoint Switch before 1.8.1, Cisco TelePresence Manager before 1.9.0, and Cisco TelePresence Recording Server 1.8 and earlier allows remote attackers to cause a denial of service (networking outage or process crash) via (1) malformed IP packets, (2) a high rate of TCP connection requests, or (3) a high rate of TCP connection terminations, aka Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323, and CSCty11338. The problem is Bug ID CSCti21830 , CSCti21851 , CSCtj19100 , CSCtj19086 , CSCtj19078 , CSCty11219 , CSCty11299 , CSCty11323 and CSCty11338 It is a problem.Denial of service by a third party through the following items ( Network outage or process crash ) There is a possibility of being put into a state. (1) Malformed IP packet (2) High frequency TCP Connection request (3) High frequency TCP Termination of connection. Cisco TelePresence is a telepresence conferencing solution developed by Cisco. A security issue exists in the network stack of the Cisco TelePresence operating system, allowing unauthenticated remote attackers to conduct denial of service attacks. An attacker can send a malformed IP packet sequence or TCP segment to the affected device at a higher frequency, which can cause the service and process of the affected device to crash, resulting in a denial of service attack. Multiple Cisco products are prone to a remote denial-of-service vulnerability. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. Also known as Bug IDs CSCti21830, CSCti21851, CSCtj19100, CSCtj19086, CSCtj19078, CSCty11219, CSCty11299, CSCty11323 and CSCty11338. For more information: SA49880 2) An error exists within the handling of Cisco Discovery Protocol (CDP) packets. ---------------------------------------------------------------------- We are millions! Join us to protect all Pc's Worldwide. Download the new Secunia PSI 3.0 available in 5 languages and share it with your friends: http://secunia.com/psi ---------------------------------------------------------------------- TITLE: Cisco TelePresence Recording Server Denial of Service Vulnerability SECUNIA ADVISORY ID: SA49880 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/49880/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=49880 RELEASE DATE: 2012-07-12 DISCUSS ADVISORY: http://secunia.com/advisories/49880/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/49880/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=49880 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: A vulnerability has been reported in Cisco TelePresence Recording Server, which can be exploited by malicious people to cause a DoS (Denial of Service). The vulnerability is reported in versions 1.6 and prior, 1.7, and 1.8. SOLUTION: No official solution is currently available. PROVIDED AND/OR DISCOVERED BY: Reported by the vendor. ORIGINAL ADVISORY: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

IOT TAXONOMY

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

remote

TYPE

other

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Cisco

SOURCES

LAST UPDATE DATE

2024-11-23T22:02:39.523000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE