Cisco TelePresence MXP Series Software Multiple Vulnerabilities (cisco-sa-20140430-mxp)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote host is missing a vendor-supplied security patch.

Description :

The version of Cisco TelePresence MXP Series software running on the
remote host is affected by one or more of the following issues :

- A denial of service vulnerability exists due to a flaw
in the SIP implementation, potentially allowing a remote
attacker to cause a device reload by sending crafted SIP
packets. (CVE-2014-2156 / CSCty45739)

- A denial of service vulnerability exists due to a flaw
in the SIP implementation, potentially allowing a remote
attacker to cause a device reload by sending crafted SIP
packets. (CVE-2014-2157 / CSCty45733)

- A denial of service vulnerability exists due to a flaw
in the SIP implementation, potentially allowing a remote
attacker to cause a device reload by sending crafted SIP
packets. (CVE-2014-2158 / CSCty45720)

- A denial of service vulnerability exists due to a flaw
in the H.225 subsystem, potentially allowing a remote
attacker to cause a device reload by sending crafted
packets. (CVE-2014-2159 / CSCtq78722)

- A denial of service vulnerability exists due to a flaw
in the H.225 subsystem, potentially allowing a remote
attacker to cause a device reload by sending crafted
packets. (CVE-2014-2160 / CSCty45745)

- A denial of service vulnerability exists due to a flaw
in the H.225 subsystem, potentially allowing a remote
attacker to cause a device reload by sending crafted
packets. (CVE-2014-2161 / CSCty45731)

See also :

http://www.nessus.org/u?c43f3837

Solution :

Upgrade to the relevant Cisco TelePresence MXP series software version
referenced in Cisco Security Advisory cisco-sa-20140430-mxp.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: CISCO

Nessus Plugin ID: 73915

Bugtraq ID: 67166
67167

CVE ID: CVE-2014-2156
CVE-2014-2157
CVE-2014-2158
CVE-2014-2159
CVE-2014-2160
CVE-2014-2161