Cisco Security Advisory
Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software
AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
-
Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities:
- Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
- Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
- Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs
Note: This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock). For additional information regarding Cisco products affected by this vulnerability, refer to the Cisco Security Advisory at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
-
Vulnerable Products
These vulnerabilities apply to the following products running an affected version of software:
- Cisco TelePresence VCS Control
- Cisco TelePresence VCS Expressway
- Cisco TelePresence VCS Starter Pack Expressway
- Cisco Expressway Core
- Cisco Expressway Edge
The Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability and Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability affect Cisco TelePresence VCS or Cisco Expressway in default configuration.
The Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability affects the Cisco TelePresence VCS or Cisco Expressway if IX filter is configured. To determine whether the IX filter is configured, use the xconfig zone zone command and verify that xConfiguration Zones Zone 2 Neighbor SIP UDP IX Filter Mode parameter is set to On. The following example shows a Cisco TelePresence VCS or Cisco Expressway with the IX filter enabled:
[...]
*c xConfiguration Zones Zone 2 Neighbor SIP SearchAutoResponse: "Off"
*c xConfiguration Zones Zone 2 Neighbor SIP TLS Verify Mode: "Off"
*c xConfiguration Zones Zone 2 Neighbor SIP Transport: "TCP"
*c xConfiguration Zones Zone 2 Neighbor SIP UDP BFCP Filter Mode: "Off"
*c xConfiguration Zones Zone 2 Neighbor SIP UDP IX Filter Mode: "On"
*c xConfiguration Zones Zone 2 Neighbor SIP UPDATE Strip Mode: "Off"
*c xConfiguration Zones Zone 2 Neighbor SignalingRouting Mode: "Auto"
*c xConfiguration Zones Zone 2 Neighbor ZoneProfile: "CiscoUnifiedCommunicationsManagerBFCP"
[...]Products Confirmed Not Vulnerable
No other Cisco products are currently known to be affected by these vulnerabilities.
-
Cisco TelePresence VCS extends the benefits of face-to-face video collaboration across networks and organizations by supporting any-to-any video and telepresence communications. Cisco Expressway is designed specifically for comprehensive collaboration services provided through Cisco Unified Communications Manager, Cisco Business Edition, or Cisco Hosted Collaboration Solution. It features established firewall-traversal technology and helps redefine traditional enterprise collaboration boundaries.
Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
A vulnerability in the packets processing function could allow an unauthenticated, remote attacker to cause a kernel crash and the reload of the affected system.
The vulnerability is due to insufficient sanitization of crafted packets when processed by the system. An attacker could exploit this vulnerability by sending crafted IP packets to the affected system at a high rate.
This vulnerability is documented in Cisco bug ID CSCui06507 (registered customers only) and has been assigned Common Vulnerability and Exposures (CVE) ID CVE-2014-3368
Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
A vulnerability in the Session Initiation Protocol (SIP) IX Channel feature code could allow an unauthenticated, remote attacker to cause the reload of the affected system.
The vulnerability is due to improper handling of crafted Session Description Protocol (SDP) packets when the IX filter is configured. An attacker could exploit this vulnerability by sending crafted SDP packets to the affected system.
This vulnerability is documented in Cisco bug ID CSCuo42252 (registered customers only) and has been assigned CVE ID CVE-2014-3369
Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability
A vulnerability in Session Initiation Protocol (SIP) module could allow an unauthenticated, remote attacker to cause the reload of the affected system.
The vulnerability is due to improper handling of crafted SIP packets. An attacker could exploit this vulnerability by sending crafted SIP packets to the affected system
This vulnerability is documented in Cisco bug ID CSCum60447 (registered customers only) and CSCum60442 (registered customers only) and has been assigned CVE ID CVE-2014-3370
-
There are no workarounds for these vulnerabilities.
-
When considering software upgrades, customers are advised to consult the Cisco Security Advisories, Responses, and Notices archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
The following table summarizes the first fixed release for each vulnerability in both Cisco TelePresence VCS and Cisco Expressway software. The Recommended Release row gives information on the recommended release that resolves all the vulnerabilities in this security advisory.
First Fixed Release
Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
X8.2 and later
Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
X8.1.1 and later
Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability
X8.1.1 and later
Recommended Release
X8.2 and later
Note: This security advisory does not provide information about the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock). Customer should refer to the Cisco Security Advisory at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash before making decisions about the Cisco TelePresence VCS or Cisco Expressway software version.
-
The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities that are described in this advisory.
These vulnerabilities were found during internal tests.
-
To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
-
Revision 1.0 2014-October-15 Initial public release
-
THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A stand-alone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy, and may lack important information or contain factual errors. The information in this document is intended for end-users of Cisco products.