
Cisco TelePresence Server Crafted IPv6 Packet Handling Denial of Service Vulnerability

cisco-sa-20160406-cts · High · Published · Updated

A vulnerability in Cisco TelePresence Server devices running software versions 3.0 through 4.2(4.18) could allow an unauthenticated, remote attacker to cause a kernel panic on the device. The vulnerability exists due to a failure to properly handle a specially crafted stream of IPv6 packets. A successful exploit could allow an attacker to cause a kernel panic, rebooting the device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts


Workarounds

Customers that do not use IPv6 for teleconferencing can disable IPv6 as a workaround until the system can be updated.

Customers can disable IPv6 calling with the following commands:

Network > Network Settings > IP Configuration

Disable IPv6 on the port.

Note: You can disable IPv6 on the TelePresence Server port, but only if logged in using IPv4.

When finished, click Update IP Configuration.

CVEs: CVE-2016-1346
Cisco Bug IDs: CSCuu46673
CVSS Score: Base 7.1 (AV:N/AC:M/Au:N/C:N/I:N/A:C/E:F/RL:OF/RC:C)
Product Names From Source: Cisco TelePresence Server Software, Cisco TelePresence Server

Related Products

Product | CVE | Evidence
Cisco TelePresence Server Software | CVE-2016-1346 | Cisco OpenVuln
Cisco TelePresence Server | CVE-2016-1346 | Cisco OpenVuln
Cisco TelePresence | CVE-2016-1346 | Cisco OpenVuln