High-Severity Bug Leaves Cisco TelePresence Gear Open to Attack

cisco denial of service vulnerabilities telepresence

Cisco patches two high-severity bugs that could be exploited by remote attackers.

Cisco Systems has patched two high-severity vulnerabilities that can be exploited by remote unauthenticated adversaries to launch denial of service attacks. Impacted are Cisco’s TelePresence Video Communication Server and the company’s ASA 5500-X Series Firewalls.

The vulnerability with the widest likely impact is CVE-2019-1721, which is a flaw in the phone-book feature of Cisco Expressway Series and Cisco TelePresence Video Communication Server. Cisco notified customers on Friday of the bug, stating the flaw “could allow an authenticated, remote attacker to cause the CPU to increase to 100 percent utilization, causing a denial-of-service (DoS) condition on an affected system.”

Cisco stated in its security bulletin the bug is tied to improper handling of XML input by affected devices. An attack scenario includes an adversary sending a single Session Initiation Protocol message with a crafted XML payload exhausting the device’s CPU resulting in DoS conditions.

subscribe to Threatpost's newsletter “Manual intervention may be required to recover the device,” wrote Cisco. Additionally, the bulletin said there are no workarounds to fix the bug, but a software patch addresses the issue.



DoS conditions are also created in an attack exploiting a high-severity bug (CVE-2019-1694) in the TCP processing engine of Cisco Adaptive Security Appliance (ASA) software and Cisco Firepower Threat Defense (FTD) software. In all, nine Cisco appliances (virtual and physical) – ranging from Cisco 7600 series routers to its Adaptive Security Virtual Appliance – depend on the ASA and FTD affected software.

“The vulnerability is due to the improper handling of TCP traffic. An attacker who is using a TCP protocol that is configured for inspection could exploit this vulnerability by sending a specific sequence of packets at a high rate through an affected device,” according to the Cisco bulletin. A successful exploit could allow the attacker to disrupt traffic through the device while it reboots, it wrote.

Cisco has released a software patch for the vulnerability; however, no workaround is available.

Cisco also addressed other, medium-severity flaws. A third DoS vulnerability for instance was patched on Friday that is tied to the Cisco’s Protocol Independent Multicast (PIM) feature of Cisco IOS XR Software, used in a number of Cisco ASR 9000 series routers.

The bug (CVE-2019-1712) could allow “an unauthenticated, remote attacker to cause the PIM process to restart, resulting in a denial of service condition on an affected device,” Cisco’s bulletin stated.

A forth Cisco email security appliance filter bypass vulnerability (CVE-2019-1844) is rated medium and could allow an unauthenticated, remote attacker to bypass the filtering functionality of an affected Cisco Email Security Appliance, the company stated.

“A successful exploit could allow an attacker to send messages that contain malicious content to users,” according to Cisco.

Both vulnerabilities have software patches, but no workarounds.

The bugs were identified the day after Cisco reported 22 other high-severity vulnerabilities, and a critical bug (CVE-2019-1804) impacting the company’s software-defined networking software and its Nexus 9000 data center router.

Suggested articles