On July 11, Cisco has published a number of four security advisories detailing multiple vulnerabilities that have been identified in TelePresence products, high-end devices and pieces of software designed for video conferences.
The TelePresence Recording Server, TelePresence Endpoint devices, TelePresence Manager and TelePresence Multipoint Switch all contain a Cisco discovery protocol remote code execution vulnerability.
Furthermore, Manager, Multipoint Switch and Recording Server products also contain a malformed IP packets denial of service security hole.
Other weaknesses include an API remote command execution in Endpoint devices, and a web interface command injection in Recording Server.
According to the advisories
made available by the company, the web interface command injection could be leveraged to allow an authenticated attacker to remotely execute command on the operating system with elevated privileges.
Cisco has made available software updates that address all these vulnerabilities, except for the malformed IP packets denial of service issue in Recording Server, the product no longer being actively supported.