Gold Sponsors
Array Telepresence Logo   Human Productivity Lab Logo   Ashton Bentley Logo
Silver Sponsors
Bronze Sponsors
Telepresence Options Magazine

Latest Telepresence and Visual Collaboration News:
Full Article:

Hackers Can Break Into Your Cisco TelePresence Sessions

July 16, 2012 | William Zimmerman

The Hacker Inside portion of this image was created by Dagmar d'Surreal and distributed under a Creating Commons license; its use falls under Fair Use standards*.


Summary: Major security holes in the Cisco TelePresence product line could allow attackers to execute arbitrary code, cause a denial-of-service condition, or inject commands.


If you rely on Cisco TelePresence products for sensive business communications, you might want to stop what you are doing and pay attention to a new warning that hackers can exploit security flaws to execute arbitrary code, cause a denial-of-service condition, or inject malicious commands.

Cisco released four separate security advisories today to warn of the risks and urge TelePresence users to deploy patches, especially in sensitive business environments.

If you think this might just be a theoretical threat, take a look at what HD Moore (of Metasploit fame) demonstrated for the New York Times earlier this year.

The skinny from Cisco:

Advisory #1:

Cisco TelePresence Recording Server contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Web Interface Command Injection
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow a remote, unauthenticated attacker to create a denial of service condition, preventing the product from responding to new connection requests and potentially causing some services and processes to crash.

Exploitation of the Cisco TelePresence Web Interface Command Injection may allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system with elevated privileges.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.

Advisory #2:

Cisco TelePresence Multipoint Switch contains the following vulnerabilities:

  • Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability
  • Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability

Exploitation of the Cisco TelePresence Malformed IP Packets Denial of Service Vulnerability may allow an unauthenticated, remote attacker to create a denial of service (DoS) condition, causing the product to become unresponsive to new connection requests and potentially leading to termination services and processes.

Exploitation of the Cisco TelePresence Cisco Discovery Protocol Remote Code Execution Vulnerability may allow an unauthenticated, adjacent attacker to execute arbitrary code with elevated privileges.


*Its placement is used in this article as a parody on the prevalence of Intel processor chips within personal computers. As Intel is seemingly an industry giant within the personal computer industry, Cisco is likewise a large participant within the Telepresence Industry. The juxtaposition of these two images is fitting for the illustration of the news content within this article and is protected by Fair Use standards for news reporting. Please forward all takedown requests to [email protected].







Add New Comment

Telepresence Options welcomes your comments! You may comment using your name and email (which will not be displayed), or you may connect with your Twitter, Facebook, Google+, or DISQUS account.