A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets.

An attacker could exploit this vulnerability by submitting malformed STUN packets to the device.
If successful, the attacker could force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2
A vulnerability in Cisco TelePresence Server devices running software version 3.1 could allow an unauthenticated, remote attacker to reload the device.

The vulnerability exists due to a failure to properly process malformed Session Traversal Utilities for NAT (STUN) packets.

An attacker could exploit this vulnerability by submitting malformed STUN packets to the device.
If successful, the attacker could force the device to reload and drop all calls in the process.

Cisco has released software updates that address this vulnerability. Workarounds that address this vulnerability are not available.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts2

Security Impact Rating: High

CVE: CVE-2015-6312