-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Endpoint Devices
Advisory ID: cisco-sa-20110223-telepresence-cts
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Recording Server
Advisory ID: cisco-sa-20110223-telepresence-ctrs
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Multipoint Switch
Advisory ID: cisco-sa-20110223-telepresence-ctms
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Multiple Vulnerabilities in Cisco
TelePresence Manager
Advisory ID: cisco-sa-20110223-telepresence-ctsman
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco TelePresence System Integrator C Series and Cisco TelePresence EX Series Device Default Root Account Manufacturing Error
Advisory ID: cisco-sa-20111109-telepresence-c-ex-series
Revision 1.0
For Public Release 2011 November 9 16:00 UTC (GMT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Denial of Service Vulnerability in Cisco
TelePresence Codecs
Advisory ID: cisco-sa-20110831-tandberg
Revision 1.0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco TelePresence Recording Server Default
Credentials for Root Account Vulnerability
Advisory ID: cisco-sa-20110729-tp
Revision 1.0
+---------------------------------------------------------------------
Summary
=======
Cisco TelePresence Software version TE 4.1.0 contains a default
account vulnerability that could allow an unauthenticated, remote
attacker to take complete control of the affected device.
The vulnerability is due to an architectural change that was made in
the way the system maintains administrative accounts. During the
are not affected.
* Cisco NX-OS Software for Cisco Nexus 7000 Series Switches
releases prior to 4.2.x are affected. Cisco NX-OS Software for
Cisco Nexus 7000 Series Switches versions 4.2.x and later are not
affected.
* Cisco TelePresence Video Communication Server (Cisco TelePresence
VCS)
* Cisco Video Surveillance Manager (VSM)
* Cisco Video Surveillance Operations Manager (VSOM)
* Cisco Wireless Control System (WCS)
Sense of Security - Security Advisory - SOS-11-010
Release Date. 19-Sep-2011
Last Update. -
Vendor Notification Date. 21-Feb-2011
Product. Cisco TelePresence Series
Platform. Cisco
Affected versions. C <= TC4.1.2, MXP <= F9.1
Severity Rating. Low - Medium
Impact. Cookie/credential theft,
impersonation,
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Cisco Security Advisory: Cisco TelePresence Video Communication Server
Session Initiation Protocol Denial of Service Vulnerabilities
Advisory ID: cisco-sa-20120229-vcs
Revision 1.0
displayed after the "SystemUnit Software Version" label. The output
from "xStatus SystemUnit" will display a result similar to the
following:
xStatus SystemUnit
*s SystemUnit ProductType: "Cisco TelePresence Codec"
*s SystemUnit ProductId: "Cisco TelePresence Codec C90"
*s SystemUnit ProductPlatform: "C90"
*s SystemUnit Uptime: 597095
*s SystemUnit Software Application: "Endpoint"
*s SystemUnit Software Version: "TC4.0"
| | |
|----------------------------+-------------------------------|
| Cisco Service Control | CSCtd04171 |
| Subscriber Manager | |
|----------------------------+-------------------------------|
| Cisco TelePresence Manager | CSCtd01771 |
| | |
|----------------------------+-------------------------------|
| Telepresence for Consumer | CSCtd01752 |
| | |
|----------------------------+-------------------------------|
|-------------------------------+------------------+----------------|
| Cisco Security Manager | 3.1 and 3.1.1 | 3.0.5 |
|-------------------------------+------------------+----------------|
| Cisco Security Manager | 3.2 | 3.1 |
|-------------------------------+------------------+----------------|
| Cisco TelePresence Readiness | 1.0 | 3.0.5 |
| Assessment Manager | | |
+-------------------------------------------------------------------+
Note: CiscoWorks products could be vulnerable if their underlying
Common Services versions were upgraded to a vulnerable version.
* Cisco Unified Service Monitor versions 1.0, 1.1, 2.0, and 2.1
* CiscoWorks QoS Policy Manager versions 4.0 and 4.1
* CiscoWorks LAN Management Solution versions 2.5, 2.6, and 3.0
* Cisco Security Manager versions 3.0, 3.1, and 3.2
* Cisco TelePresence Readiness Assessment Manager version 1.0
* CiscoWorks Voice Manager versions 3.0 and 3.1
* CiscoWorks Health and Utilization Monitor versions 1.0 and 1.1
* Cisco Unified Operations Manager versions 1.0, 1.1, 2.0, and 2.1
* Cisco Unified Provisioning Manager versions 1.0, 1.1, 1.2, and
1.3
