Cisco patches TelePresence control unit flaw

Cisco issues another patch for a security issue with a conferencing system

Cisco has patched a flaw in its TelePresence system that could allow hackers to run code or cause a denial-of-service attack. 

The flaw in Cisco TelePresence Multipoint Control Units has already been addressed via a patch, so admins should ensure software is up to date. 

"The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets," Cisco said in an alert. "An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system."

The company said the 5300 Series, MSE 8510, and MCU 4500 models were at risk, but not the 4200 Series or the MSE 8420. However, Cisco isn't patching the MCU 4500, saying it passed the end of maintenance milestone in July of last year.
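To illustrate the kind of size validation Cisco says was missing, here is an added example (not Cisco's code; the MCU's reassembly routine is not public in this article) of a fragment-reassembly step that checks each fragment against the buffer before copying. The struct, function and constant names are hypothetical, and the sketch assumes the standard 13-bit fragment offset in 8-byte units and does not track overlaps.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Largest datagram the 16-bit IP length field can describe. */
#define REASM_MAX 65535u

enum frag_result { FRAG_OK, FRAG_BAD_ALIGN, FRAG_TOO_BIG, FRAG_INCONSISTENT };

/* Hypothetical reassembly context; names are illustrative only. */
struct reasm {
    uint8_t  buf[REASM_MAX];
    uint32_t total_len;  /* set when the final fragment (MF = 0) arrives */
    uint32_t max_end;    /* highest byte offset written so far */
};

void reasm_init(struct reasm *r) { r->total_len = 0; r->max_end = 0; }

/* off_units: 13-bit fragment offset in 8-byte units; more: the MF flag. */
enum frag_result reasm_add(struct reasm *r, uint16_t off_units, int more,
                           const uint8_t *data, size_t len)
{
    uint32_t off = (uint32_t)(off_units & 0x1FFFu) * 8u;

    /* Every fragment except the last must carry a multiple of 8 bytes. */
    if (more && (len % 8u) != 0)
        return FRAG_BAD_ALIGN;

    /* Size validation: compare len with the space left after off, so
     * off + len is only computed once it is known to fit the buffer. */
    if (len > (size_t)(REASM_MAX - off))
        return FRAG_TOO_BIG;
    uint32_t end = off + (uint32_t)len;

    /* Fragments must agree on where the datagram ends. */
    if (r->total_len != 0 && (more ? end > r->total_len : end != r->total_len))
        return FRAG_INCONSISTENT;
    if (!more && end < r->max_end)
        return FRAG_INCONSISTENT;

    memcpy(r->buf + off, data, len);
    if (end > r->max_end) r->max_end = end;
    if (!more) r->total_len = end;
    return FRAG_OK;
}
```

A receiver that gets anything other than `FRAG_OK` should drop the whole reassembly context rather than keep partial data.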


If users need to delay installing the patch or are using the MCU 4500, there is one mitigation: configure the MCU software to use transcoded content instead of passthrough content. Passthrough mode was only introduced in version 4.3 of the software, so older versions are not affected. 

Cisco stressed that its security incident response team hasn't yet seen any attacks using the vulnerability, with the flaw spotted "during the resolution of a support case". 

The patch follows a critical flaw in Cisco's WebEx Chrome plugin, which could have allowed hackers to execute code remotely on the machines of the tens of millions of businesses that use the web-based conferencing system. Cisco patched the system last week.
