Cisco Patches Critical TelePresence Vulnerability

Cisco alerted customers three vulnerabilities, one critical and two high, along with patches to fix them.

Cisco Systems said it has patched a critical flaw tied to its TelePresence hardware that allowed unauthorized third-parties to access the system via an API bug. The networking behemoth also alerted customers to a duo of denial of service attack vulnerabilities that represent a high risk for its FirePOWER firewall hardware.

The United States Computer Emergency Readiness Team (US-CERT) issued an alert on Wednesday and said Cisco has provided patches for the affected products.

The most serious of the flaws is tied to Cisco’s TelePresence XML application programming interface and allows hackers to bypass the authentication process for its TelePresence EX, MX, SX and VX hardware. Hackers with knowledge of the vulnerability are able to perform unauthorized configuration changes or issue control commands to TelePresence hardware running affected software.

Cisco issued a patch (CVE-2016-1387) for the TelePresence bug. Cisco wrote: “The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to the XML API.”

Cisco also notified customers on Wednesday of two vulnerabilities labeled as high that could allow an attacker to launch denial of service attacks. Both these vulnerabilities are tied to Cisco’s enterprise firewall hardware (ASA 5585-X FirePOWER SSP).

One of those denial of service vulnerabilities (CVE-2016-1369) stems from a flaw in the kernel logging configuration for Firepower System Software for the Adaptive Security Appliance. According to Cisco the bug “could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high consumption of system resources.”

Cisco said there are no workarounds for the vulnerabilities and is urging customers to download a free software update for affected software.

The second vulnerability is also classified as high and relates to the firewall hardware’s (ASA 5585-X FirePOWER SSP) packet processing functions. Cisco says the flaw (CVE-2016-1368) could allow a remote attacker to trigger an affected firewall sub-system to stop inspecting and processing packets, resulting in conditions ripe for a denial of service attack.

“The vulnerability is due to improper packet handling by the affected software when packets are passed through the sensing interfaces of an affected system. An attacker could exploit this vulnerability by sending crafted packets through a targeted system,” Cisco wrote.

Specific products affected by the packet processing vulnerability are both Cisco’s FirePOWER firewall models 7000 and 8000 running FirePOWER System Software releases 5.3.0 through 5.3.0.6 and 5.4.0 through 5.4.0.3.

Updates to fix the vulnerability can be found on Cisco’s site.

Suggested articles