A critical vulnerability tracked as CVE-2017-3792 affects three different models of the CISCO TelePresence MCU platform.
Cisco TelePresence MCU platform is a high-definition multimedia conferencing bridge that is widely adopted due to its ability to work with endpoint systems of the many vendors.
The flaw could be exploited by attackers to remotely execute code on the affected systems or to trigger a denial-of-service (DoS) condition. The flaw was discovered during the resolution of a support case.
The vulnerability affects a proprietary device driver in the kernel of the Cisco TelePresence Multipoint Control Unit (MCU) Software running on platform models 4500, MSE 8510 and 5300 Series.
An attacker could exploit the flaw to trigger a buffer overflow and execute an arbitrary code or cause a DoS condition on the vulnerable system.
“A vulnerability in a proprietary device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU) Software could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition.” reads the Cisco security bulletin.
“The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets. An attacker could exploit this vulnerability by sending crafted IPv4 or IPv6 fragments to a port receiving content in Passthrough content mode. An exploit could allow the attacker to overflow a buffer. If successful, the attacker could execute arbitrary code or cause a DoS condition on the affected system.”
Systems running software version 4.3(1.68) or later configured for “Passthrough” content mode are affected by the flaw.
Cisco issued two security updates for MSE 8510 and 5300 Series users, the Cisco TelePresence MCU 4500 platform will not be fixed because it has reached the end-of-software on July 9, 2016.
Cisco confirmed that there are no workarounds to fix the flaw. In order to prevent exploitation of this vulnerability, the company suggests configuring the CISCO TelePresence MCU Software to use Transcoded content mode instead of Passthrough content mode.
(Security Affairs – Cisco TelePresence MCU, CVE-2017-3792)