A vulnerability in the network stack of Cisco TelePresence MCU Software
could allow an unauthenticated, remote attacker to cause the exhaustion
of available memory which could lead to system instability and a
reload of the affected system.

Cisco has released free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20141015-mcu

Note: This security advisory does not provide information about
the GNU Bash Environment Variable Command Injection Vulnerability (also known as Shellshock).
For additional information regarding Cisco products affected by this
vulnerability, refer to the Cisco Security Advisory at the following
link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

Leave a Reply