Security Advisory – SOS-11-010 – Cisco TelePresence Multiple Vulnerabilities
Release Date: 19-Sep-2011
Last Update: –
Vendor Notification Date: 21-Feb-2011
Product: Cisco TelePresence Series
Affected versions: C <= TC4.1.2, MXP <= F9.1
Severity Rating: Low – Medium
Impact: Cookie/credential theft, impersonation, loss of confidentiality, client-side code execution, denial of service.
Solution Status: Vendor patch
CVE reference: CVE-2011-2544 (CSCtq46488)
Cisco TelePresence is an umbrella term for video conferencing hardware and software, infrastructure and endpoints. The C and MXP Series are the endpoints used on desks or in boardrooms to provide users with a termination point for video conferencing.
Please refer to the PDF version of this advisory for proof of concept code examples.
Upgrade to TC4.2 for the C series to fix validation issues.
David Klein from Sense of Security Labs.