Uočeni su i ispravljeni propusti u radu Cisco TelePresence Recording poslužitelja koje su potencijalni napadači mogli iskoristiti za umetanje i proizvoljno izvršavanje programskog koda s povećanim privilegijama te za DoS napad.
Paket:
Cisco TelePresence Recording Server
Operacijski sustavi:
Cisco TelePresence Recording Server 1.x
Problem:
neodgovarajuća provjera ulaznih podataka, pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda, uskraćivanje usluga (DoS)
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
cisco-sa-20120711-ctrs
Izvor:
Cisco
Problem:
Ranjivosti su povezane s obradom IP i Cisco Discovery Protocol paketa. Također, javlja se i nespecificirani problem u web sučelju za administratore sustava.
Posljedica:
Udaljeni zlonamjeran korisnik može iskoristiti nedostatke za umetanje i proizvoljno izvršavanje programskog koda s povećanim ovlastima te za napad uskraćivanjem usluga (DoS).
Rješenje:
Svim korisnicima se savjetuje primjena programskih rješenja proizvođača te čitanje izvorne preporuke za više informacija.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco TelePresence Recording Server
Advisory ID: cisco-sa-20120711-ctrs
Revision 1.0
For Public Release 2012 July 11 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco TelePresence Recording Server contains the following vulnerabilities:
Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
Cisco TelePresence Web Interface Command Injection
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution
Vulnerability
Exploitation of the Cisco TelePresence Malformed IP Packets Denial of
Service Vulnerability may allow a remote, unauthenticated attacker to
create a denial of service condition, preventing the product from
responding to new connection requests and potentially causing some
services and processes to crash.
Exploitation of the Cisco TelePresence Web Interface Command Injection
may allow an authenticated, remote attacker to execute arbitrary
commands on the underlying operating system with elevated privileges.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote
Code Execution Vulnerability may allow allow an unauthenticated,
adjacent attacker to execute arbitrary code with elevated privileges.
Cisco has released updated software that resolves the command and code
execution vulnerabilities. There are currently no plans to resolve
the malformed IP packets denial of service vulnerability, as this
product is no longer being actively supported.
There are no workarounds that mitigate these vulnerabilities.
Customers should contact their Cisco Sales Representative to determine
the Business Unit responsible for their Cisco TelePresence Recording
Server.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAk/9izAACgkQUddfH3/BbTpgpwD/TQOz5H0BG4ogU7mv8ZnqT69E
bgkxiXeO+2F8ogOPR/gA/iVsXNVK3OOeTYTZx5VCTqjGdtn/QRPNjUFyv5vu/OOH
=wEHe
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
To unsubscribe, send the command "unsubscribe" in the subject of your message to
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke