|
Systems Affected
• Cisco TC S/W Version 4.x and 5.x
• Cisco TE S/W Version 4.x and 6.x
Threat Level
Overview
A vulnerability have been reported in the implementation of the DNS code of Cisco TelePresence TC and TE Software which could allow an unauthenticated remote attacker to create a buffer overflow and execute arbitrary code.
Description
This vulnerability is due to insufficient bounds check on variables. A remote attacker could exploit this vulnerability by injecting crafted DNS response packets.
Successful exploitation of this vulnerability could allow an attacker to trigger a buffer overflow condition that could be used to execute arbitrary code and could completely compromise the system.
Impact
Solution/ Workarounds
Apply appropriate updates as mentioned in CISCO vulnerability alert
http://tools.cisco.com/security/center/viewAlert.x?alertId=33892
References
http://www.cert-in.org.in/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
|
