Hackers can break into your Cisco TelePresence sessions

Summary: Major security holes in the Cisco TelePresence product line could allow attackers to execute arbitrary code, cause a denial-of-service condition, or inject commands.

If you rely on Cisco TelePresence products for sensitive business communications, you might want to stop what you are doing and pay attention to a new warning that hackers can exploit security flaws to execute arbitrary code, cause a denial-of-service condition, or inject malicious commands.

Cisco released four separate security advisories today to warn of the risks and urge TelePresence users to deploy patches, especially in sensitive business environments.

follow Ryan Naraine on twitter

If you think this might just be a theoretical threat, take a look at what HD Moore (of Metasploit fame) demonstrated for the New York Times earlier this year.

The skinny from Cisco:

Advisory #1:

Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #2:

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination of services and processes.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #3:

Cisco TelePresence Manager contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination of services and processes.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #4:

Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Cisco TelePresence Remote Command Execution Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the API Remote Command Execution vulnerability could allow an unauthenticated, adjacent attacker to inject commands into API requests.  The injected commands will be executed by the underlying operating system in an elevated context.

Exploitation of the Remote Command Execution vulnerability could allow an authenticated, remote attacker to inject commands into requests made to the Administrative Web interface.  The injected commands will be executed by the underlying operating system in an elevated context.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

 

 

Talkback

4 comments
  • Disappointed in Cisco for these holes.

    I mean malformed packet DoS vulnerability has been known for ages. Guess they are not used to generating bullet proof apps. Hey, welcome to reality.
    droidfromsd
  • There is already a patch

    Thanks for informing us about this. It seems Cisco has a patch. All my systems are on their own video VLAN and should not be vulnerable to this type of attack, but I already upgraded to the latest software.

    http://www.cisco.com/en/US/products/csa/cisco-sa-20120711-cts.html
    vtcindc
    • updates

      People should always do updates. Half of these warnings are for people who don't. And then people cry about how software is vulnerable... While there are exploits from time to time, if you keep up on your stuff it's unlikely that this stuff will happen.
      Jimster480
  • This would be much more interesting than a marketing meeting

    Just saying...
    redhaven