Hackers can break into your Cisco TelePresence sessions

Summary:Major security holes in the Cisco TelePresence product line could allow attackers to execute arbitrary code, cause a denial-of-service condition, or inject commands.

If you rely on Cisco TelePresence products for sensive business communications, you might want to stop what you are doing and pay attention to a new warning that hackers can exploit security flaws to execute arbitrary code, cause a denial-of-service condition, or inject malicious commands.

Cisco released four separate security advisories today to warn of the risks and urge TelePresence users to deploy patches, especially in sensitive business environments.

follow Ryan Naraine on twitter

If you think this might just be a theoretical threat, take a look at what HD Moore (of Metasploit fame) demonstrated for the New York Times earlier this year.

The skinny from Cisco:

Advisory #1:

Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #2:

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #3:

Cisco TelePresence Manager contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #4:

Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Cisco TelePresence Remote Command Execution Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests.  The injected commands will be executed by the underlying operating system in an elevated context.

Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface.  The injected commands will be executed by the underlying operating system in an elevated context.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

 

 

Topics: Security, Social Enterprise, Software, Telcos

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.