===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2017.1272
Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
18 May 2017

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Cisco TelePresence IX5000
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6652

Original Bulletin:
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000

--------------------------BEGIN INCLUDED TEXT--------------------

Cisco Security Advisory: Cisco TelePresence IX5000 Series Directory Traversal Vulnerability

Advisory ID: cisco-sa-20170517-telepresence-ix5000

Revision: 1.0

For Public Release: 2017 May 17 16:00 GMT

Last Updated: 2017 May 17 16:00 GMT

CVE ID(s): CVE-2017-6652

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

+---------------------------------------------------------------------

Summary
=======

A vulnerability in the web framework of the Cisco TelePresence IX5000 Series
could allow an unauthenticated, remote attacker to access arbitrary files on
an affected device.

The vulnerability is due to insufficient input validation. An attacker could
exploit this vulnerability by using directory traversal techniques to read
files within the Cisco TelePresence IX5000 Series filesystem.

Cisco has released software updates that address this vulnerability. There
are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content.
The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================