X
Tech

Hackers can break into your Cisco TelePresence sessions

Major security holes in the Cisco TelePresence product line could allow attackers to execute arbitrary code, cause a denial-of-service condition, or inject commands.
Written by Ryan Naraine, Contributor

If you rely on Cisco TelePresence products for sensive business communications, you might want to stop what you are doing and pay attention to a new warning that hackers can exploit security flaws to execute arbitrary code, cause a denial-of-service condition, or inject malicious commands.

Cisco released four separate security advisories today to warn of the risks and urge TelePresence users to deploy patches, especially in sensitive business environments.

If you think this might just be a theoretical threat, take a look at what HD Moore (of Metasploit fame) demonstrated for the New York Times earlier this year.

The skinny from Cisco:

Advisory #1:

Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.
Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #2:

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #3:

Cisco TelePresence Manager contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #4:

Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Cisco TelePresence Remote Command Execution Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests.  The injected commands will be executed by the underlying operating system in an elevated context.
Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface.  The injected commands will be executed by the underlying operating system in an elevated context.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

 

 

Editorial standards