Cisco Patches Telepresence Attack Flaw

Cisco said its Telepresence control units are affected by a bug that could allow remote attackers to execute malicious code or shut down the system.

The Telepresence products, which offer a high-end form of teleconferencing, contain a vulnerability in the way they deal with IP packets that could allow a buffer overflow, Cisco said in an advisory.

Buffer overflow

“The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets,” Cisco said. “An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a (denial-of-service) condition on the affected system.”
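The kind of size validation the advisory says was missing can be shown with a small reassembly routine. This is an added illustration in C, not Cisco's code and not taken from the advisory; the names `reasm_add` and `struct reasm`, the buffer size and the return codes are all assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define REASM_MAX 65535u                 /* assumed buffer size: largest IPv4 datagram */
#define BLOCKS    ((REASM_MAX + 7u) / 8u)

enum { FRAG_REJECT = -1, FRAG_OK = 0, FRAG_DONE = 1 };

struct reasm {                           /* hypothetical per-datagram state; zero before use */
    uint8_t  buf[REASM_MAX];
    uint8_t  seen[BLOCKS];               /* one flag per 8-byte block already stored */
    uint32_t total_len;                  /* set by the final fragment, 0 until then */
    uint32_t high;                       /* highest end offset stored so far */
    uint32_t filled;                     /* payload bytes stored so far */
};

/* off8 is the header's fragment offset (8-byte units); more_frags is the M/MF flag. */
int reasm_add(struct reasm *r, uint16_t off8, const uint8_t *data, size_t len, int more_frags)
{
    uint32_t off = (uint32_t)off8 * 8u, end, b;

    if (len == 0 || len > REASM_MAX || off > REASM_MAX - len)
        return FRAG_REJECT;              /* off + len would run past the buffer */
    if (more_frags && len % 8u != 0)
        return FRAG_REJECT;              /* only the final fragment may be unaligned */
    end = off + (uint32_t)len;
    if (r->total_len && (end > r->total_len || !more_frags))
        return FRAG_REJECT;              /* beyond the declared end, or a second final */
    if (!more_frags && end < r->high)
        return FRAG_REJECT;              /* final fragment ends before stored data */
    for (b = off / 8u; b < (end + 7u) / 8u; b++)
        if (r->seen[b])
            return FRAG_REJECT;          /* overlapping or duplicate fragment */

    /* Every check passed: only now touch the buffer and the bookkeeping. */
    memcpy(r->buf + off, data, len);
    for (b = off / 8u; b < (end + 7u) / 8u; b++)
        r->seen[b] = 1;
    if (!more_frags)
        r->total_len = end;
    if (end > r->high)
        r->high = end;
    r->filled += (uint32_t)len;
    return (r->total_len && r->filled == r->total_len) ? FRAG_DONE : FRAG_OK;
}
```

A rejected fragment leaves the reassembly state untouched, so a malformed fragment cannot corrupt a datagram that is otherwise arriving correctly.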

The company said it had discovered the bug while resolving a technical support issue and wasn’t aware of reports of the issue being exploited.

It said the Telepresence MCU 5300 Series, MCU MSE 8510 and MCU 4500 products are vulnerable, while the MCU 4200 Series and MCU MSE 8420 have been confirmed as not vulnerable.

No workaround

A patch is available for the affected devices, with the exception of the MCU 4500, which Cisco said reached the end of its software support in July of last year.

For those unable to patch right away, no workaround is available, which could leave those systems exposed to attacks now that the vulnerability has been disclosed, Cisco said.

However, the problem can be mitigated by setting the software to use Transcoded content mode rather than Passthrough mode, according to the advisory. Cisco warned the settings change may result in lower-quality video resolution.

Last week the company issued an express patch for a bug in its WebEx plugin for the Chrome browser, used by around 20 million clients, which could have allowed attackers to execute malicious code on Windows systems.


Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
