Cisco Mitigates TelePresence, FirePOWER Holes

Friday, May 6, 2016 @ 05:05 PM gHale


Cisco fixed critical and high severity vulnerabilities with its FirePOWER and TelePresence lines.

The XML API of the TelePresence Codec (TC) and Collaboration Endpoint (CE) software suffers from a critical vulnerability that allows a remote, unauthenticated attacker to bypass authentication and gain access to a targeted system, Cisco officials said.

RELATED STORIES
Six NTP Daemon Holes Patched
Rockwell, Cisco in DPI Pact
Cisco Patches WLC Security Holes
Cisco Issues Security Updates

Attackers can leverage the vulnerability by sending a specially crafted HTTP request to the XML API. If successful, the attacker can then use the API to make configuration changes and issue control commands.

Cisco has also published advisories to describe high severity denial-of-service (DoS) vulnerabilities affecting the FirePOWER system software.

One of the flaws could allow a remote attacker to cause a system to stop inspecting and processing packets by sending it a specially crafted packet. The issue affects several appliances running FirePOWER system software versions 5.3.0 – 5.3.0.6 and 5.4.0 – 5.4.0.3.

The second DoS vulnerability affects all versions of the FirePOWER system software used in ASA 5585-X FirePOWER SSP modules. The flaw, caused by the logging of certain IP packets, allows an attacker to cause the module to go offline or stop inspecting traffic.

Cisco identified all of these vulnerabilities and the company said they found no evidence any of them are undergoing exploitation for malicious purposes.

US-CERT also published an alert to inform users about these vulnerabilities. The agency has advised users and administrators to review the security advisories and apply the updates.