Cisco TelePresence MCU Fragmented Packets Reassembly RCE

critical Nessus Plugin ID 97021

Synopsis

The remote device is affected by a remote code execution vulnerability.

Description

According to its self-reported version, the remote Cisco TelePresence Multipoint Control Unit (MCU) device is affected by a buffer overflow condition that occurs, due to improper size validation, when reassembling fragmented IPv4 and IPv6 packets. An unauthenticated, remote attacker can exploit this issue by sending specially crafted fragmented packets to a port receiving content in Passthrough content mode, causing a denial of service condition or the execution of arbitrary code.

Solution

Upgrade to the relevant fixed version referenced in Cisco bug ID CSCuu67675.

See Also

http://www.nessus.org/u?55c626f9

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCuu67675

Plugin Details

Severity: Critical

ID: 97021

File Name: cisco_telepresence_mcu_sa_20170125_telepresence.nasl

Version: 1.4

Type: remote

Family: CISCO

Published: 2/6/2017

Updated: 7/6/2018

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:telepresence_mcu_software

Required KB Items: Cisco/TelePresence_MCU/Version, Cisco/TelePresence_MCU/Device

Exploit Ease: No known exploits are available

Patch Publication Date: 1/25/2017

Vulnerability Publication Date: 1/25/2017

Reference Information

CVE: CVE-2017-3792

BID: 95787

CISCO-SA: cisco-sa-20170125-telepresence

IAVA: 2017-A-0029

CISCO-BUG-ID: CSCuu67675