Sense of Security is one of Australia’s most trusted providers of cyber resilience, information security and risk management services.

Latest announcements
© Copyright Sense of Security

Security Advisory – SOS-11-010 – Cisco TelePresence Multiple Vulnerabilities

Release Date: 19-Sep-2011

Last Update:

Vendor Notification Date: 21-Feb-2011

Product: Cisco TelePresence Series

Platform: Cisco

Affected versions: C <= TC4.1.2, MXP <= F9.1

Severity Rating: Low – Medium

Impact: Cookie/credential theft, impersonation, loss of confidentiality, client-side code execution, denial of service.

Solution Status: Vendor patch

CVE reference: CVE-2011-2544 (CSCtq46488)
CVE-2011-2543 (CSCtq46496)
CVE-2011-2577 (CSCtq46500)


Cisco TelePresence is an umbrella term for Video Conferencing Hardware and Software, Infrastructure and Endpoints. The C & MXP Series are the Endpoints used on desks or in boardrooms to provide users with a termination point for Video Conferencing.

Please refer to the PDF version of this advisory for proof of concept code examples.


Upgrade to TC4.2 for the C series to fix validation issues.

Discovered By

David Klein from Sense of Security Labs.

Our expert consultants are here to help you. For all your Cyber Security needs please contact us today.

No Comments

Sorry, the comment form is closed at this time.