-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.1272
    Cisco TelePresence IX5000 Series Directory Traversal Vulnerability
                                18 May 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Cisco TelePresence IX5000
Publisher:         Cisco Systems
Operating System:  Cisco
Impact/Access:     Access Confidential Data -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2017-6652  

Original Bulletin: 
   https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cisco Security Advisory: Cisco TelePresence IX5000 Series Directory Traversal Vulnerability

Advisory ID: cisco-sa-20170517-telepresence-ix5000

Revision: 1.0

For Public Release: 2017 May 17 16:00 GMT

Last Updated: 2017 May 17 16:00 GMT

CVE ID(s): CVE-2017-6652

CVSS Score v(3): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

+---------------------------------------------------------------------

Summary
=======
A vulnerability in the web framework of the Cisco TelePresence IX5000 Series could allow an unauthenticated, remote attacker to access arbitrary files on an affected device.

The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using directory traversal techniques to read files within the Cisco TelePresence IX5000 Series filesystem.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000 ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170517-telepresence-ix5000"]

- -----BEGIN PGP SIGNATURE-----

iQKBBAEBAgBrBQJZHHQqZBxDaXNjbyBTeXN0ZW1zIFByb2R1Y3QgU2VjdXJpdHkg
SW5jaWRlbnQgUmVzcG9uc2UgVGVhbSAoQ2lzY28gUFNJUlQga2V5IDIwMTYtMjAx
NykgPHBzaXJ0QGNpc2NvLmNvbT4ACgkQrz2APcQAkHln1Q//SljLBO/PA85x1yt2
R+s88p9fwSzcLV01Z9GOrTo12a3RafY+2sxr+unnHFJe865I7DIOfqcu3O0RnyHJ
EaLZx43d6fWchewLyv8YEVqk588Gw+gtOcwlsqMHWzyQneCL553Oh91pe/LLG3yx
So+iyZJJWKEY0k9eAz4yC7R3+y4vjV/+Y/0rTF0LrvTc6/N6P3S8ZiB9msJZoR3o
n5T98CWu/2ok1WW1mUUpxl5ylI2fM/p0iYb81ZDX3ra7Hq0Ktmv1fXuPs+i16jT3
0kR+BQBBqT54LOUuyWeoiLFlzR1ZAnhvVMlBWD+zmGOVL0rrrI7khK8utHUiyyDh
6UQzoEwD5+pTXKGgN23I8BZSwE77jpYxZSVR8dBn0CbBEhr0f0wl1ra4N2dnzYyc
1p6C8Fz++6mFX08zioB1l/fx1WP6wX3fB3q/57Gdq9zl8Dp4j3VHojTP+skA2fkq
IdJzfoWMuJWFlfIRebtGy7hr8hbOTgVlPChlTO/hiRpP8ZNOVw/N6mizOEIXFvnN
AIpgj93sDZ+nowcZxw+ursln9MRgF973jR1imEeJKFNKrsaxrlXH6ROxdIpMy4tb
xeypC7tJRGRn/bIrQUWbxLQtMkhHUvwsi8XX3yxL5a6tl4TzzAUyYiKI8vepfreI
YGbQENyHwMtrn+/k1p227RkPqwk=
=Cl6Y
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIUAwUBWR0ktYx+lLeg9Ub1AQjm7g/3SG6hxK/eUG7I7ifn3WdeKWe0JNATgu7X
lY692La+LAFIWNWbAFBQtw5fVg8rcv5oOm25qSwHalxlcnnP7vuuhVfosqR1+yOi
h2aT7qsaOPDTVHz875jKN14HcWHuxFYtapnxldFJq6g2rJ9G3x9TMfUFLmXLS2s0
cS3LYfXS7KKracHcj/qeIVgWW1vZlh6Swr4ZQqV+CgYqA1Zj9sZBr2+p9FBJp3Oc
egMhoCzQbwsHf5lg2izyXerbKbKRwDUc/lDxcjk1waJUdDj/6C+WA/6Om1q8RvS9
GiwRohp2QCZfOMtLvcSGgkVFvWpESE/TtUg402fdzWQdvqvydOKIEB3jKuFKOtbz
93M3JtoM3utqovjibHqb3P23QZL3JDdlQreO/7MobiEbcoA2er+2VWnz2rxUxorO
SnyDjKraP2ru/ZDaRSVHaBoWyhbyJ9e4Y5p9etzwUqSkwUpq5e/rX5KF8CNk/22M
jMMVK1AqsjDW/2YioAC5kOfIlpbbesGLnluu1Xxu1oV1SkGMMOmsNkQdE/tngacW
2FpT3fHJqX2tJCObmkvYsJJPLVJDdFN45naQQNR7BE8N3/IntQZ6wRizIlvFQhTP
vsYNUGiETC5cG5v1OqMhzIt5GG7J7D+WxdITXPKUc1KVKb9hwr3PYK1krPtDdheY
zGpo60mMmg==
=9MDz
-----END PGP SIGNATURE-----