Cisco patches TelePresence control unit flaw

Cisco issues another patch for a security issue with a conferencing system

Cisco has patched a flaw in its TelePresence system that could allow hackers to run code or cause a denial-of-service attack. 

The flaw in Cisco TelePrescence Multipoint Control Units has already been addressed via a patch, so admins should ensure software is up to date. 

"The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets," Cisco said in an alert. "An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system."

The company said the 5300 Series, MSE 8510, and MCU 4500 models were at risk, but not the 4200 Series or the MSE 8420. However, Cisco isn't patching the MCU 4500, saying it passed the end of maintenence milestone in July of last year.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

If users need to delay installing the patch or are using the MCU 4500, there is one mitigation: configure the MCU software to use transcoded content instead of passthrough content. That mode was only introduced in version 4.3 of the software, so older versions are not affected. 

Cisco stressed that its security incident response team hasn't yet seen any attacks using the vulnerability, with the flaw spotted "during the resolution of a support case". 

The patch follows a critical flaw in Cisco's WebEx Chrome plugin, which could have allowed hackers to execute code remotely on the machines of the tens of millions of businesses that use the web-based conferecing system. Cisco patched the system last week.

Featured Resources

Report: The State of Software Security

This annual report explores important trends in software security

Download now

A fast guide to finding your cloud solution

One size doesn't fit all in the cloud, so how do you find the best option for your business?

Download now

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Small & Medium Business Trends Report

Insights from 2,000+ business owners and leaders worldwide

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/mobile/28299/how-to-use-chromecast-without-wi-fi
Mobile

How to use Chromecast without Wi-Fi

5 Feb 2020
Visit/hardware/354723/coronavirus-starts-to-take-its-toll-on-the-tech-industry
Hardware

Coronavirus starts to take its toll on the tech industry

6 Feb 2020
Visit/operating-systems/microsoft-windows/354739/windows-7-bug-blocks-users-from-shutting-down-their-pcs
Microsoft Windows

Windows 7 bug blocks users from shutting down their PCs

10 Feb 2020
Visit/in-depth/354726/sonos-speakers-are-environmentally-unsound
In-depth

Sonos speakers are environmentally unsound

9 Feb 2020