-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2014.1862
           Multiple Vulnerabilities in Cisco TelePresence Video
            Communication Server and Cisco Expressway Software
                              16 October 2014

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence Video Communication Server
                   Cisco Expressway Software
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Denial of Service -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2014-3368 CVE-2014-3369 CVE-2014-3370

Original Bulletin: 
   http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Video Communication Server and Cisco Expressway Software

Advisory ID: cisco-sa-20141015-vcs

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

Revision 1.0

For Public Release 2014 October 15 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Software includes the following vulnerabilities:

    Cisco TelePresence VCS and Cisco Expressway Crafted Packets Denial of Service Vulnerability
    Cisco TelePresence VCS and Cisco Expressway SIP IX Filter Denial of Service Vulnerability
    Cisco TelePresence VCS and Cisco Expressway SIP Denial of Service Vulnerability

Succesfull exploitation of any of these vulnerabilities could allow an unauthenticated, remote attacker to cause a reload of the affected system, which may result in a Denial of Service (DoS) condition.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-vcs

- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVD6P+4pI1I6i1Mx3AQLo3w//b7W6uaV0LtUS6ij/XXH0YhnSHJqwTJvZ
5DNBjIAuHDBW53An4CU9dAEyjRLQSEgmGS5eLLCQtw2HuPWCTLxaAl+2CTVeKsZs
6afHx9OKYiMGlHQuZiAYupB5xjqhLTXpo0XgHZsgn+PBmhlcg6DE8l6EHEGZEAJJ
Em4WQszSN8mKVqgD6r2ZcK7atQ6TFVTOxjxTTF8DeC/il5kC4XuUR/apBu2VqltY
HrNnNQ0lEUQSEI/veCpVQqC6QPioFP7Fjg38FCi5bi/AtSTZyLvHRt4gakNNeDMc
t6oGHiYexDJnrTyNxZI3YbIZQOTLahHJajt8ZU837VTB/bUI8ULNptTw3TnObPdp
OQU/ah/moLNsaD+oyHqQyaO01KdZbZAAXNm11hRulfhXj/1Yjxy0Nft6Bi1v/l6m
HlrFTzD9F705A1li3cVkVc5Yv8kiD4TtK/tUTPRg/3lb/Dxkntui5LIglurft3OC
uDCnLLBL6vNrhjXz+JNgiRjE4H9CEU8qk6lR9Dhkzgc2OAb/+TcB3RdAtDlNrsIO
9zr8FxhufzUHgTrikUL3Kan23AcDNK1myLVyUY/3wfW4grdmLECFr3PNccohIMTC
d0BkAacqacMiyBkD6AZibAiBYYomCNnAsRTKZedeHZTgch+YVXJrl9f6NRpGFW1W
V7PLGyasDgU=
=21uO
- -----END PGP SIGNATURE-----
_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBVD85zBLndAQH1ShLAQLgaRAArI/zP1aX/cuzCnRW2FMVNEaBnhT8Db4m
JS5e2ndBroDfQ0QI0t5pavgCZvjQMqdvtMULNoJxErYUMd86bi0E1zrX2qc9J47G
phoL1+nuExkM/l6T+yjPrZU6bCykOoxss0C0UxRgFGlZltntF2LjLDFpHDqGMrCT
xXR7nA0LOxzZvYviZ8+WNPmN/3sozG5VVk6Rezc4AlhPLoz/N8Y9+RReDYhF0kAR
deNjFURvOX0F19UheLmMiMhY9W3boBNinz3TV+XNQfO6pCT+t5beduLVBPwJkv4Q
lvecBKh4L02BELt5aYk5/+nwOlA2/IxQXz6vO+7VC3GDOuqgmco6ILTeOF72mVt/
KlNt1Sdmvl/0iYKEbklmU+gaMovLMYAiVsFusS1rB3qps9oYGGd6KR/2vCUkORdT
7Pv73NpSONUL8apJ05yicLPsMOqGkmcnhf3vCXus/EXwa3xN+0VS0UmohZ1OceIa
GDa8sPJC3hfX8r+GIRSJ/Pa2c3pGqTafSSO6OHthNnlKzMv/DU8vVLOuBbW1L0Pc
KIQAnwBvtzo65KIbW+MTA5aDmgriNKmRwhyHrjoiuARAlBFMJhGkuP2wo7mSAOJ2
J2astB3ZxOsGYBtKK28ZJMuWRVBJ30DmTyHClWzLE2By2Oa3R1jJ1t1QB0E+/hEU
qgOG5L23RyU=
=FVAK
-----END PGP SIGNATURE-----