Kod Cisco TelePresence Endpoint uređaja uočeni su i ispravljeni sigurnosni nedostaci. Potencijalni napadači ih mogu iskoristiti za umetanje i proizvoljno izvršavanje programskog koda i proizvoljnih naredbi.
Paket:
Cisco TelePresence Endpoint Devices
Operacijski sustavi:
Cisco TelePresence Endpoint Devices 1.x
Problem:
pogreška u programskoj komponenti
Iskorištavanje:
udaljeno
Posljedica:
dobivanje većih privilegija, proizvoljno izvršavanje programskog koda
Rješenje:
programska zakrpa proizvođača
Izvorni ID preporuke:
cisco-sa-20120711-cts
Izvor:
Cisco
Problem:
Uočeni su propusti u web sučelju namijenjenom za administratore sustava te u implementaciji Cisco Discovery protokola. Osim toga dolazi i do neodgovarajuće obrade zahtjeva poslanih na TCP priključak (eng. port) 61460.
Posljedica:
Zlonamjerni napadači navedene nedostatke mogu iskoristiti za umetanje i proizvoljno izvršavanje programskog koda s povećanim privilegijama i pokretanje proizvoljnih naredbi.
Rješenje:
Preporuča se primjena službenih programskih zakrpa proizvođača.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices
Advisory ID: cisco-sa-20120711-cts
Revision 1.0
For Public Release 2012 July 11 16:00 UTC (GMT)
+---------------------------------------------------------------------
Summary
=======
Cisco TelePresence Endpoint devices contain the following vulnerabilities:
Cisco TelePresence API Remote Command Execution Vulnerability
Cisco TelePresence Remote Command Execution Vulnerability
Cisco TelePresence Cisco Discovery Protocol Remote Code Execution
Vulnerability
Exploitation of the API Remote Command Execution vulnerability could
allow an unauthenticated, adjacent attacker to inject commands into
API requests. The injected commands will be executed by the
underlying operating system in an elevated context.
Exploitation of the Remote Command Execution vulnerability could allow
an authenticated, remote attacker to inject commands into requests
made to the Administrative Web interface. The injected commands will
be executed by the underlying operating system in an elevated context.
Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote
Code Execution Vulnerability may allow an unauthenticated, adjacent
attacker to execute arbitrary code with elevated privileges.
Cisco has released free software updates that address these vulnerabilities.
There are no workarounds that mitigate these vulnerabilities.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
iF4EAREIAAYFAk/9lu0ACgkQUddfH3/BbTqlngD/QXo0Y0ds6xqOEA9HjbtVmqCB
u3xsHxnWro9ApV48wVoA/RTrZe8zBeFxEHss91AYC3bYXbTGltCP91audYSv6LUc
=PjIb
-----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
To unsubscribe, send the command "unsubscribe" in the subject of your message to
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
Posljednje sigurnosne preporuke