UPDATED 16:39 EDT / JULY 14 2012

Cisco Releases Patches for Multiple Vulnerabilities in TelePresence Endpoint Devices

Cisco has acknowledged bugs in multiple versions of its TelePresence device software that would allow a remote attacker to take control of videophones by injecting arbitrary code and malicious commands.

The company has released four separate advisory bulletins on the risks and advises customers to apply the security patches immediately. A total of five vulnerabilities have been fixed.

The vulnerable products are Cisco TelePresence Manager, Cisco TelePresence Recording Server, Cisco TelePresence Multipoint Switch, and Cisco TelePresence Immersive Endpoint System.

Security Advisory #1:

Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

The malformed IP packets vulnerability leads to a denial of service: a remote user, without authentication, can send malformed IP packets to the platform, causing the device to stop responding to new connection requests and potentially terminating services and processes.

Versions affected:

  • Cisco TelePresence Manager 1.8 and earlier
  • Cisco TelePresence Recording Server 1.8 and above
  • Cisco TelePresence Multipoint Switch 1.8 and above

Fixed in:

  • There is still no update available for Cisco TelePresence Recording Server
  • Cisco TelePresence Manager 1.9
  • Cisco TelePresence Multipoint Switch 1.9

Details of the software patch can be found at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs

Security Advisory #2:

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

The second vulnerability involves the Cisco Discovery Protocol (CDP) and allows an unauthenticated user to execute code with elevated privileges. It stems from a flaw in the handling of malformed CDP packets: sending such packets to a vulnerable device allows the attacker to execute arbitrary code with elevated privileges.

Versions affected:

  • Cisco TelePresence Manager 1.8 and earlier
  • Cisco TelePresence Recording Server 1.8 and above
  • Cisco TelePresence Multipoint Switch 1.8 and above
  • Cisco TelePresence Endpoint Devices Immersive 1.8 and above

Fixed in:

  • Cisco TelePresence Recording Server 1.8.1
  • Cisco TelePresence Manager 1.9.0
  • Cisco TelePresence Multipoint Switch 1.9.0
  • Cisco TelePresence Endpoint Devices Immersive 1.9.1

Details of the software patch can be found at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms

Security Advisory #3:

Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Cisco TelePresence Remote Command Execution Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

A remote command injection is possible in the administrative web interface of the Cisco TelePresence immersive endpoint. When exploited by an authenticated user, the vulnerability allows execution of arbitrary commands on the operating system with elevated privileges. Exploitation requires sending a malformed request to port 443 after completing a full 3-way handshake.

Versions affected:

  • Cisco TelePresence Endpoint Devices Immersive 1.7 and above

Fixed in:

  • Cisco TelePresence Endpoint Devices Immersive 1.7.4

Details of the software patch can be found at:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts

Security Advisory #4:

Cisco TelePresence Endpoint devices contain the following vulnerabilities:

  • Cisco TelePresence API Remote Command Execution Vulnerability
  • Command Injection in Web Interface.

A vulnerability exists in the web administrative interface that may allow a remote authenticated user to carry out the attack. The attacker could exploit it by sending malicious requests to the device which, when processed, allow execution of arbitrary commands with elevated privileges.

A remote command injection is also possible in a Cisco TelePresence API on the immersive endpoint. If exploited, the vulnerability could allow an unauthenticated user to execute operating system commands with elevated privileges. Exploitation requires the attacker to send a malformed request to TCP port 61460 after completing a successful 3-way handshake.
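Both command-injection paths described above need a completed handshake to port 443 or TCP port 61460 on the endpoint, so until patches are applied a defender can review flow logs for such sessions from outside the management network. The following is an added example, not code from Cisco or from this article; the log layout, addresses and network ranges are constructed assumptions.

```python
import ipaddress
import re

# Ports named in the article: 443 (web interface) and 61460 (API).
WATCHED_PORTS = {443, 61460}

# Constructed flow-log layout (an assumption, not a Cisco log format).
LINE_RE = re.compile(
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+) state=(?P<state>\w+)"
)

def find_unexpected_sessions(lines, endpoints, mgmt_nets):
    """Completed TCP sessions to watched ports from outside mgmt_nets."""
    endpoint_ips = {ipaddress.ip_address(e) for e in endpoints}
    allowed = [ipaddress.ip_network(n) for n in mgmt_nets]
    hits = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a flow record
        try:
            src = ipaddress.ip_address(m["src"])
            dst = ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # malformed address field
        dport = int(m["dport"])
        if m["proto"].lower() != "tcp" or dport not in WATCHED_PORTS:
            continue
        # A full 3-way handshake is required, so half-open records are skipped.
        if m["state"].upper() != "ESTABLISHED":
            continue
        if dst in endpoint_ips and not any(src in net for net in allowed):
            hits.append((str(src), str(dst), dport))
    return hits

# Constructed sample data: private and documentation addresses only.
ENDPOINTS, MGMT_NETS = ["10.20.0.11", "10.20.0.12"], ["10.9.0.0/24"]
SAMPLE_LOG = [
    "2012-07-12T10:00:01Z src=10.9.0.5 dst=10.20.0.11 dport=443 proto=tcp state=ESTABLISHED",
    "2012-07-12T10:00:07Z src=192.0.2.44 dst=10.20.0.11 dport=61460 proto=tcp state=SYN_SENT",
    "2012-07-12T10:00:09Z src=192.0.2.44 dst=10.20.0.11 dport=61460 proto=tcp state=ESTABLISHED",
    "2012-07-12T10:02:30Z src=198.51.100.7 dst=10.20.0.12 dport=443 proto=tcp state=ESTABLISHED",
    "2012-07-12T10:03:00Z src=198.51.100.7 dst=10.20.0.99 dport=61460 proto=tcp state=ESTABLISHED",
]

if __name__ == "__main__":
    for hit in find_unexpected_sessions(SAMPLE_LOG, ENDPOINTS, MGMT_NETS):
        print("review:", hit)
```

Any hit on port 61460 deserves attention first, since the article describes that path as reachable without authentication.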

Versions affected:

  • Cisco TelePresence Recording Server 1.7 and earlier
  • Cisco TelePresence Endpoint Devices Immersive 1.9 and above

Fixed in:

  • Cisco TelePresence Recording Server 1.8.0
  • Cisco TelePresence Endpoint Devices Immersive 1.9.1

Details of the software patch can be found at:

Last year, Cisco released elegant telepresence devices for home consumers, targeting home and employee home-to-office communication. The devices can easily bring in collaboration applications like Cisco WebEx Meeting Center and can be integrated into existing SD or HD videoconferencing systems.

In addition, Cisco Telepresence provides enterprises the ability to record and share videos and content efficiently.

That is a lot of vulnerabilities within one platform, which by nature creates a high risk, so Cisco advises upgrading the TelePresence platform as soon as possible.

