Cisco TelePresence System MXP Series Software contains the following vulnerabilities:

Three SIP denial of service vulnerabilities
Three H.225 denial of service vulnerabilities

Successful exploitation of these vulnerabilities may allow an attacker to cause system instability and the affected system to reload.

Note: This security advisory does not provide information about the OpenSSL TLS Heartbeat Read Overrun Vulnerability identified by CVE-2014-0160 (also known as Heartbleed).  For additional information regarding Cisco products affected by the Heartbleed vulnerability, refer to the Cisco Security Advisory available at the following link:  http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140409-heartbleed
Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities. This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-mxp

Leave a Reply