
Multiple Vulnerabilities in Cisco TelePresence TC and TE Software

cisco-sa-20130619-tpc · High · Published · Updated

Cisco TelePresence TC and TE Software contain two vulnerabilities in the implementation of the Session Initiation Protocol (SIP) that could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition. Additionally, Cisco TelePresence TC Software contains an adjacent root access vulnerability that could allow an attacker on the same physical or logical Layer-2 network as the affected system to gain an unauthenticated root shell. Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate the Cisco TelePresence TC and TE Software SIP Denial of Service vulnerabilities are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130619-tpc


Workarounds

Cisco TelePresence TC and TE Software SIP Denial of Service Vulnerabilities

If SIP is not in use, these vulnerabilities can be worked around by disabling the SIP service: set the NetworkServices SIP Mode to Off by issuing the following xCommand:
xConfiguration NetworkServices SIP Mode: Off
Alternatively, administrators can use the web interface to disable the SIP service: navigate to Configuration > Advanced Configuration > Network Services and set the SIP mode to Off.

Cisco TelePresence TC Software Adjacent root Access Vulnerability

There is no workaround that mitigates this vulnerability.

CVEs: CVE-2013-3377, CVE-2013-3378, CVE-2013-3379
Cisco Bug IDs: CSCts37781, CSCue01743, CSCuf89557
CVSS Score: Base 7.8
Base 7.8 AV:N/AC:L/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C
Base 8.3 AV:A/AC:L/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Product Names From Source: Cisco TelePresence TC Software, Cisco TelePresence TE Software

Related Products

Product | CVE | Evidence
Cisco TelePresence TE Software | CVE-2013-3379 | Cisco OpenVuln
Cisco TelePresence TE Software | CVE-2013-3378 | Cisco OpenVuln
Cisco TelePresence TE Software | CVE-2013-3377 | Cisco OpenVuln
Cisco TelePresence TC Software | CVE-2013-3379 | Cisco OpenVuln
Cisco TelePresence TC Software | CVE-2013-3378 | Cisco OpenVuln
Cisco TelePresence TC Software | CVE-2013-3377 | Cisco OpenVuln
Cisco TelePresence | CVE-2013-3379 | Cisco OpenVuln
Cisco TelePresence | CVE-2013-3378 | Cisco OpenVuln
Cisco TelePresence | CVE-2013-3377 | Cisco OpenVuln