Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Cisco TelePresence TC and TE Software DNS Buffer Overflow Vulnerability

 

Systems Affected


Cisco TC S/W Version 4.x and 5.x
Cisco TE S/W Version 4.x and 6.x

Threat Level

Overview


A vulnerability have been reported in the implementation of the DNS code of Cisco TelePresence TC and TE Software which could allow an unauthenticated remote attacker to create a buffer overflow and execute arbitrary code.


Description


This vulnerability is due to insufficient bounds check on variables. A remote attacker could exploit this vulnerability by injecting crafted DNS response packets.

Successful exploitation of this vulnerability could allow an attacker to trigger a buffer overflow condition that could be used to execute arbitrary code and could completely compromise the system.


Impact



Solution/ Workarounds


Apply appropriate updates as mentioned in CISCO vulnerability alert
http://tools.cisco.com/security/center/viewAlert.x?alertId=33892


References


http://www.cert-in.org.in/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.