Wednesday, 13 April 2016

Cisco Security Advisory: Cisco TelePresence Server Crafted URL Handling Denial of Service Vulnerability

Advisory ID:  cisco-sa-20160406-cts1

Revision 1.0

For Public Release 2016 April 6 16:00 UTC (GMT)

+---------------------------------------------------------------------------------------

Summary
=======

A vulnerability in Cisco TelePresence Server devices running software versions 4.1(2.29)
through 4.2(4.17) could allow an unauthenticated, remote attacker to cause the device
to reload.

The vulnerability exists due to a failure of the HTTP parsing engine to handle specially
crafted URLs. An attacker could exploit this vulnerability by sending multiple URL
requests to an affected device. The requests will eventually time out because negotiation
from the client does not occur; however, each request consumes additional memory,
resulting in memory exhaustion that causes the device to crash. If successful, the
attacker could utilize all available memory resources, causing the device to reload.

Cisco has released software updates that address this vulnerability. Workarounds that
address this vulnerability are not available.
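To turn the affected range above into an inventory check, the following added example (not Cisco's code) parses the major.minor(maintenance.build) version format and compares each field numerically, so that 4.2(4.2) correctly sorts before 4.2(4.17) rather than after it as a plain string comparison would. It assumes the stated endpoints 4.1(2.29) and 4.2(4.17) are inclusive; the advisory does not say, and it does not name the first fixed release, so treat a version just past 4.2(4.17) as needing confirmation against Cisco's fixed-software table. The hostnames are constructed.

```python
import re
from typing import Dict, Tuple

# Affected range exactly as stated in the advisory.
AFFECTED_FIRST = "4.1(2.29)"
AFFECTED_LAST = "4.2(4.17)"

# TelePresence Server versions look like 4.1(2.29): major.minor(maintenance.build).
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\((\d+)\.(\d+)\)\s*$")


def parse_cisco_version(text: str) -> Tuple[int, int, int, int]:
    """Parse '4.1(2.29)' into (4, 1, 2, 29); raise ValueError on anything else."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised TelePresence Server version: {text!r}")
    major, minor, maint, build = (int(g) for g in m.groups())
    return (major, minor, maint, build)


def is_affected(version: str) -> bool:
    """True if version lies within [AFFECTED_FIRST, AFFECTED_LAST].

    Endpoint inclusivity is an assumption; the advisory lists the range only.
    Tuples compare field by field, so 4.2(4.2) < 4.2(4.17) as intended.
    """
    v = parse_cisco_version(version)
    return parse_cisco_version(AFFECTED_FIRST) <= v <= parse_cisco_version(AFFECTED_LAST)


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Classify each host's reported version as affected / not affected / unparsable.

    Unparsable entries are reported rather than silently skipped, because a
    device whose version string cannot be read still needs a manual look.
    """
    result: Dict[str, str] = {}
    for host, version in inventory.items():
        try:
            result[host] = "affected" if is_affected(version) else "not affected"
        except ValueError:
            result[host] = "unparsable"
    return result


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {"tps-a": "4.2(4.2)", "tps-b": "4.3(1.0)", "tps-c": "unknown"}
    for host, verdict in triage(sample).items():
        print(f"{host}: {verdict}")
```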

This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160406-cts1
