Credit:
The original article can be found at: http://www.cisco.com/en/US/products/products_security_advisory09186a0080b6e152.shtml
Vulnerable Systems:
* Cisco TelePresence software prior to 1.7.1
Immune Systems:
* Cisco TelePresence software 1.7.1
This advisory addresses Cisco TelePresence endpoint devices and details the following vulnerabilities:
* Unauthenticated Common Gateway Interface (CGI) Access
* CGI Command Injection
* TFTP Information Disclosure
* Malicious IP Address Injection
* XML-Remote Procedure Call (RPC) Command Injection
* Cisco Discovery Protocol Remote Code Execution
CGI Command Injection
Multiple CGI command injection vulnerabilities exist in Cisco TelePresence endpoint devices that could allow a remote, authenticated attacker to execute arbitrary commands with elevated privileges. To exploit these vulnerabilities, an attacker must submit a malformed request to an affected device via TCP port 443.
An attacker must perform a three-way TCP handshake and establish a valid session to exploit these vulnerabilities.
TFTP Information Disclosure
An information disclosure vulnerability exists within Cisco TelePresence endpoint devices that could allow an unauthenticated, remote attacker to retrieve sensitive authentication and configuration information. The attacker would need to have the ability to submit a TFTP GET request via UDP port 69 to the affected device.
Because the vulnerability is in a UDP-based service, the attacker is not required to complete a handshake before sending the crafted request. However, because this is an information disclosure issue, the attacker must supply a valid return IP address to receive the retrieved information.
Malicious IP Address Injection
A denial of service vulnerability exists within Cisco TelePresence endpoint devices that could allow a remote, unauthenticated attacker to cause a denial of service condition. An attacker with the ability to impersonate a Cisco TelePresence Manager system could remotely inject an invalid IP address into a configuration file that could cause a critical service on the device to crash. An endpoint affected by this issue will remain unusable until it has been manually restored to a known good state. Restoration of service may require an administrator to reload software on the affected device. The attacker would need the ability to submit a malformed SOAP request to an affected device via TCP port 8081 or TCP port 9501.
An attacker must perform a three-way TCP handshake and establish a valid session to exploit this vulnerability.
XML-RPC Command Injection
An XML-RPC command injection vulnerability exists in Cisco TelePresence endpoint devices. This issue could allow an unauthenticated attacker with access to the broadcast domain of the affected device to execute arbitrary commands with elevated privileges. The attacker would need the ability to submit a request to an affected system via TCP port 61441 or TCP port 61445.
An attacker must perform a three-way TCP handshake and establish a valid session to exploit this vulnerability. The issue may require that the attacker perform an ARP spoofing or other form of impersonation attack.
Cisco Discovery Protocol Remote Code Execution
A remote code execution vulnerability exists in Cisco TelePresence endpoint devices. This vulnerability could allow an unauthenticated, adjacent attacker to trigger a buffer overflow condition. To exploit this vulnerability, the attacker must submit a malicious Cisco Discovery Protocol packet to an affected system.
Because Cisco Discovery Protocol functions at the Data-Link (L2) layer, an attacker must submit an Ethernet frame directly to an affected device. This scenario may be possible when affected systems are part of a bridged network or connected to a nonpartitioned device such as a network hub.
Patch Availability:
When considering software upgrades, also consult http://www.cisco.com/go/psirt and any subsequent advisories to determine exposure and a complete upgrade solution.
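Before scheduling upgrades it helps to triage an endpoint inventory against the fixed release named above (1.7.1). The following is an added example, not Cisco's code or part of the advisory; the inventory hostnames and version strings are constructed for illustration. Note that versions must be compared numerically, because a plain string comparison would wrongly rank 1.10.0 below 1.7.1.

```python
"""Exposure triage for Cisco TelePresence endpoint software versions.
Added example, not Cisco's code. The fixed-in threshold 1.7.1 comes
from the advisory; the inventory below is constructed sample data."""

FIXED_IN = "1.7.1"  # first release in the advisory's "Immune Systems" list


def parse_version(version: str) -> tuple:
    """Split a dotted version into numeric components so that '1.10'
    sorts after '1.7.1' (string comparison would get this wrong).
    A trailing non-numeric suffix such as '1.7.1(2)' is cut at the
    first character that is not a digit."""
    parts = []
    for piece in version.strip().split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {version!r}")
    return tuple(parts)


def is_vulnerable(version: str, fixed_in: str = FIXED_IN) -> bool:
    """True when the running software predates the fixed release."""
    have, need = parse_version(version), parse_version(fixed_in)
    # Zero-pad the shorter tuple so '1.7' is compared as '1.7.0'.
    width = max(len(have), len(need))
    have += (0,) * (width - len(have))
    need += (0,) * (width - len(need))
    return have < need


def triage(inventory) -> list:
    """Return the hostnames of endpoints still running vulnerable software."""
    return sorted(host for host, version in inventory if is_vulnerable(version))


# Constructed sample inventory: hypothetical hostnames and versions.
SAMPLE_INVENTORY = [
    ("ctx-room-a", "1.6.4"),
    ("ctx-room-b", "1.7.1"),
    ("ctx-room-c", "1.10.0"),
    ("ctx-room-d", "1.7"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: upgrade to {FIXED_IN} or later")
```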
CVE Information:
CVE-2011-0372
CVE-2011-0373
CVE-2011-0374
CVE-2011-0375
CVE-2011-0376
CVE-2011-0377
CVE-2011-0378
CVE-2011-0379
Disclosure Timeline:
Revision 1.0 2011-February-23 Initial public release.