Multiple Vulnerabilities in Cisco Telepresence TC and TE Software

ITS Advisory Number: 2014-043
Date(s) Issued: Thursday, May 1, 2014
Subject: Multiple Vulnerabilities in Cisco Telepresence TC and TE Software
Overview: 

Multiple vulnerabilities have been discovered in Cisco Telepresence TC and TE software, which is used by Cisco Telepresence hardware. Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass the authentication mechanism and gain unauthorized access, execute arbitrary commands, or cause denial-of-service conditions; other attacks may also be possible.

Systems Affected: 
  • Cisco Telepresence Integrator C Series
  • Cisco Telepresence MX Series
  • Cisco Telepresence Profiles Series
  • Cisco Telepresence Quick Set Series
  • Cisco Telepresence System EX Series
  • Cisco Telepresence System T Series
  • Cisco Telepresence VX Clinical Assistant
RISK
GOVERNMENT
Large and medium government entities: High
Small government entities: High
BUSINESS
Large and medium business entities: High
Small business entities: High
Home Users: Low
Description: 

Multiple vulnerabilities have been discovered in Cisco Telepresence TC and TE software, the software used by Cisco Telepresence systems. The affected appliances provide remote presence systems for businesses. Note that these vulnerabilities are independent of one another.

Please see the following link to Cisco's advisory and find the sub-menu for "Software Versions and Fixes" for a detailed graph describing which versions of the Cisco Telepresence software are affected by which vulnerability:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte

The following vulnerabilities have been identified:
Multiple remote denial-of-service vulnerabilities exist as the software fails to properly handle SIP packets. Specifically, these issues affect the SIP code.

Actions: 
  • Install the updates provided by Cisco immediately after appropriate testing.
References: 
Cisco:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
Security Focus:
http://www.securityfocus.com/bid/67170
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2162
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2163
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2164
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2165
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2166
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2167
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2168
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2169
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2170
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2171
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2172
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2173