Cisco Patches TelePresence, Expressway Holes

Thursday, January 26, 2017 @ 05:01 PM gHale


Cisco patched a series of vulnerabilities in its TelePresence and Expressway products.

The most severe of the vulnerabilities is a critical remote code execution issue affecting the device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU).

RELATED STORIES
Cisco Fixing WebEx Extension
Cisco Clears Cloud Fault
Passwords Reset on Cisco Careers Portal
Cisco Fixes Email Security Appliance

The flaw can end up leveraged by a remote, unauthenticated attacker to trigger a buffer overflow and execute arbitrary code or cause a denial-of-service (DoS).

The security hole affects TelePresence MCU 5300 Series, MCU MSE 8510 and MCU 4500 when running version 4.3(1.68) or later of the software. For those running versions prior to 4.3(1.68) they do not suffer from the issue. Users that do have the vulnerability should update to version 4.5(1.89).

Cisco TelePresence, mainly the Video Communications Server (VCS) software, also suffers from a DoS vulnerability that can end up exploited remotely without authentication. The same issue also affects the Expressway Series collaboration gateway.

The flaw exists in all versions of the Cisco Expressway Series and TelePresence VCS software prior to X8.8.2.



Leave a Reply

You must be logged in to post a comment.