Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2014.1862 Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software 16 October 2014 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Cisco TelePresence Video Communication Server Cisco Expressway Software Publisher: Cisco Systems Operating System: Cisco Impact/Access: Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2014-3368 CVE-2014-3369 CVE-2014-3370 Original Bulletin: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs - --------------------------BEGIN INCLUDED TEXT-------------------- - -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software Advisory ID: cisco-sa-20141015-vcs http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs Revision 1.0 For Public Release 2014 October 15 16:00 UTC (GMT) +--------------------------------------------------------------------- Summary ======= Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities: Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability Succesfull exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVD6P+4pI1I6i1Mx3AQLo3w//b7W6uaV0LtUS6ij/XXH0YhnSHJqwTJvZ 5DNBjIAuHDBW53An4CU9dAEyjRLQSEgmGS5eLLCQtw2HuPWCTLxaAl+2CTVeKsZs 6afHx9OKYiMGlHQuZiAYupB5xjqhLTXpo0XgHZsgn+PBmhlcg6DE8l6EHEGZEAJJ Em4WQszSN8mKVqgD6r2ZcK7atQ6TFVTOxjxTTF8DeC/il5kC4XuUR/apBu2VqltY HrNnNQ0lEUQSEI/veCpVQqC6QPioFP7Fjg38FCi5bi/AtSTZyLvHRt4gakNNeDMc t6oGHiYexDJnrTyNxZI3YbIZQOTLahHJajt8ZU837VTB/bUI8ULNptTw3TnObPdp OQU/ah/moLNsaD+oyHqQyaO01KdZbZAAXNm11hRulfhXj/1Yjxy0Nft6Bi1v/l6m HlrFTzD9F705A1li3cVkVc5Yv8kiD4TtK/tUTPRg/3lb/Dxkntui5LIglurft3OC uDCnLLBL6vNrhjXz+JNgiRjE4H9CEU8qk6lR9Dhkzgc2OAb/+TcB3RdAtDlNrsIO 9zr8FxhufzUHgTrikUL3Kan23AcDNK1myLVyUY/3wfW4grdmLECFr3PNccohIMTC d0BkAacqacMiyBkD6AZibAiBYYomCNnAsRTKZedeHZTgch+YVXJrl9f6NRpGFW1W V7PLGyasDgU= =21uO - -----END PGP SIGNATURE----- _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: http://www.auscert.org.au/render.html?cid=1980 =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBVD85zBLndAQH1ShLAQLgaRAArI/zP1aX/cuzCnRW2FMVNEaBnhT8Db4m JS5e2ndBroDfQ0QI0t5pavgCZvjQMqdvtMULNoJxErYUMd86bi0E1zrX2qc9J47G phoL1+nuExkM/l6T+yjPrZU6bCykOoxss0C0UxRgFGlZltntF2LjLDFpHDqGMrCT xXR7nA0LOxzZvYviZ8+WNPmN/3sozG5VVk6Rezc4AlhPLoz/N8Y9+RReDYhF0kAR deNjFURvOX0F19UheLmMiMhY9W3boBNinz3TV+XNQfO6pCT+t5beduLVBPwJkv4Q lvecBKh4L02BELt5aYk5/+nwOlA2/IxQXz6vO+7VC3GDOuqgmco6ILTeOF72mVt/ KlNt1Sdmvl/0iYKEbklmU+gaMovLMYAiVsFusS1rB3qps9oYGGd6KR/2vCUkORdT 7Pv73NpSONUL8apJ05yicLPsMOqGkmcnhf3vCXus/EXwa3xN+0VS0UmohZ1OceIa GDa8sPJC3hfX8r+GIRSJ/Pa2c3pGqTafSSO6OHthNnlKzMv/DU8vVLOuBbW1L0Pc KIQAnwBvtzo65KIbW+MTA5aDmgriNKmRwhyHrjoiuARAlBFMJhGkuP2wo7mSAOJ2 J2astB3ZxOsGYBtKK28ZJMuWRVBJ30DmTyHClWzLE2By2Oa3R1jJ1t1QB0E+/hEU qgOG5L23RyU= =FVAK -----END PGP SIGNATURE-----