Cisco TelePresence TC and TE Software are prone to multiple security vulnerabilities.

Attackers can exploit these issues to execute arbitrary code in the context of the device, bypass authentication mechanisms, gain unauthorized access, execute arbitrary commands, or cause denial-of- service conditions other attacks may also be possible.

Updates are available.

Cisco TelePresence TC and TE Software are prone to the following security vulnerabilities: 1. Multiple remote denial-of-service vulnerabilities 2. A buffer-overflow vulnerability 3. A command-injection vulnerability 4. A command-injection vulnerability 5. A heap-based buffer-overflow vulnerability 6. A local buffer-overflow vulnerability 7. A local authentication-bypass vulnerability 8. A remote denial-of-service vulnerability

Cisco TelePresence MX Series Cisco TelePresence System EX Series Cisco TelePresence Integrator C Series Cisco TelePresence Profiles Series Cisco TelePresence Quick Set Series Cisco TelePresence System T Series Cisco TelePresence VX Clinical Assistant

Check the Firmware-Version.

• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140430-tcte
• http://www.securityfocus.com/bid/67170

---

Updated on 2015-03-25