Cisco patches TelePresence control unit flaw

Cisco issues another patch for a security issue with a conferencing system

Cisco has patched a flaw in its TelePresence system that could allow hackers to run code or cause a denial-of-service attack. 

The flaw in Cisco TelePrescence Multipoint Control Units has already been addressed via a patch, so admins should ensure software is up to date. 

"The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets," Cisco said in an alert. "An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system."

The company said the 5300 Series, MSE 8510, and MCU 4500 models were at risk, but not the 4200 Series or the MSE 8420. However, Cisco isn't patching the MCU 4500, saying it passed the end of maintenence milestone in July of last year.

Advertisement
Advertisement - Article continues below

If users need to delay installing the patch or are using the MCU 4500, there is one mitigation: configure the MCU software to use transcoded content instead of passthrough content. That mode was only introduced in version 4.3 of the software, so older versions are not affected. 

Cisco stressed that its security incident response team hasn't yet seen any attacks using the vulnerability, with the flaw spotted "during the resolution of a support case". 

The patch follows a critical flaw in Cisco's WebEx Chrome plugin, which could have allowed hackers to execute code remotely on the machines of the tens of millions of businesses that use the web-based conferecing system. Cisco patched the system last week.

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/mobile/mobile-phones/354273/pablo-escobars-brother-launches-budget-foldable-phone
Mobile Phones

Pablo Escobar's brother launches budget foldable phone

4 Dec 2019
Visit/network-internet/wifi-hotspots/354283/industrial-wi-fi-6-trial-reveals-blistering-speeds
wifi & hotspots

Industrial Wi-Fi 6 trial reveals blistering speeds

5 Dec 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019