Cisco TelePresence Video Communication Server (VCS), Cisco Expressway and Cisco TelePresence Conductor contain the following vulnerabilities:

SDP Media Description Denial of Service Vulnerability
Authentication Bypass Vulnerability

Successful exploitation of the SDP Media Description Denial of Service Vulnerability may
cause the affected system to reload.
Successful exploitation of the Authentication Bypass Vulnerability may allow an attacker to
bypass authentication and log in to the system with the privileges of an administrator.

Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150311-vcs

Leave a Reply