Gold Sponsors
Silver Sponsors
Bronze Sponsors
Telepresence Options Magazine
telepresence options catalog ad
IC14 Banner TTOP
sponsor telepresence
webrtc telepresence

Latest Telepresence and Visual Collaboration News:
Full Article:

Remotely Exploitable Bug Affects Wide Range Of Cisco Telepresence Systems

August 14, 2013 | Telepresence Options

cisco telepresence

Story by and images by Dennis Fisher / threatpost

There's a serious vulnerability in Cisco's popular TelePresence system that could give an attacker complete control of the affected system. The vulnerability affects a broad range of TelePresence models, although there are workarounds available.

The vulnerability results from the fact that there are default credentials set up in the TelePresence systems. If a user account is created with the default credentials, an attacker would be able to exploit the bug and gain complete control of the Web server on which the system is running. Cisco has not yet made available patched versions of the TelePresence software.

RelatedHackers Can Break Into Your Cisco TelePresence Sessions 

Your TV might be watching you

Hacking Video Conferencing Systems

"The vulnerability is due to a default user account being created at installation time. An attacker could exploit this vulnerability by remotely accessing the web server and using the default account credentials. An exploit could allow the attacker to log in with the default credentials, which gives them full administrative rights to the system," Cisco said in its advisory.

"Cisco TelePresence System Software includes a password recovery administrator account that is enabled by default. Successful exploitation of this vulnerability could allow a remote attacker to use these default credentials to modify the system configuration and settings and take full control of the affected system. An attacker could use this account to modify the system configuration and settings via an HTTPS session."

TelePresence is Cisco's video and audio conferencing system that is designed to mimic the experience of being in the same room with the other participants. Cisco TelePresence System Series 500, 13X0, 1X00, 3X00, and 30X0 running CiscoTelePresence System Software Releases 1.10.1 and prior; and Cisco TelePresence TX 9X00 Series running Cisco TelePresence System Software Releases 6.0.3 and prior are affected by this flaw.

Continue Reading...







Add New Comment

Telepresence Options welcomes your comments! You may comment using your name and email (which will not be displayed), or you may connect with your Twitter, Facebook, Google+, or DISQUS account.