-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Denial of Service Vulnerability in Cisco Video Surveillance IP Cameras
Advisory ID: cisco-sa-20111026-camera
Revision 1.0
For Public Release 2011 October 26 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
A denial of service (DoS) vulnerability exists in the Cisco Video
Surveillance IP Cameras 2421, 2500 series and 2600 series of devices.
An unauthenticated, remote attacker could exploit this vulnerability
by sending crafted RTSP TCP packets to an affected device. Successful
exploitation prevents cameras from sending video streams, subsequently
causing a reboot. The camera reboot is done automatically and does not
require action from an operator.
There are no workarounds available to mitigate exploitation of this
vulnerability that can be applied on the Cisco Video Surveillance IP
Cameras. Mitigations that can be deployed on Cisco devices within the
network are available.
This advisory is posted at:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20111026-camera
Note: Effective October 18, 2011, Cisco moved the current list of
Cisco Security Advisories and Responses published by Cisco PSIRT. The
new location is:
http://tools.cisco.com/security/center/publicationListing
You can also navigate to this page from the Cisco Products and
Services menu of the Cisco Security Intelligence Operations (SIO)
Portal. Following this transition, new Cisco Security Advisories and
Responses will be published to the new location. Although the URL has
changed, the content of security documents and the vulnerability
policy are not impacted. Cisco will continue to disclose security
vulnerabilities in accordance with the published Security
Vulnerability Policy.
Affected Products
=================
Vulnerable Products
+------------------
Cisco Video Surveillance IP Cameras 2421, 2500 series, and 2600
series are affected by this vulnerability.
For Cisco Video Surveillance 2421 and 2500 series IP Cameras, all
1.1.x software releases and releases prior to 2.4.0 are affected by this
vulnerability.