Description
Multiple Cisco Products are prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges. The issue is being tracked by Cisco Bug ID CSCvq29901.
Technologies Affected
- Cisco RoomOS Software
- Cisco TelePresence CE Software 8.0.0
- Cisco TelePresence CE Software 8.1.0
- Cisco TelePresence CE Software 8.3.7
- Cisco TelePresence CE Software 9.1.1
- Cisco TelePresence CE Software 9.2.1
- Cisco TelePresence CE Software 9.3.1
- Cisco TelePresence CE Software 9.4.1
- Cisco TelePresence CE Software 9.5.1
- Cisco TelePresence CE Software 9.6.1
- Cisco TelePresence CE Software 9.7.1
- Cisco TelePresence CE Software 9.8.0
- Cisco TelePresence TC Software 3.1
- Cisco TelePresence TC Software 4.1
- Cisco TelePresence TC Software 4.2
- Cisco TelePresence TC Software 5.0
- Cisco TelePresence TC Software 5.1
- Cisco TelePresence TC Software 6.0
- Cisco TelePresence TC Software 6.1
- Cisco TelePresence TC Software 6.2.0
- Cisco TelePresence TC Software 6.3
- Cisco TelePresence TC Software 7.1
- Cisco TelePresence TC Software 7.2
- Cisco TelePresence TC Software 7.2.0
- Cisco TelePresence TC Software 7.2.1
- Cisco TelePresence TC Software 7.3.0
- Cisco TelePresence TC Software 7.3.1
- Cisco TelePresence TC Software 7.3.17
- Cisco TelePresence TC Software 7.3.2
- Cisco TelePresence TC Software 7.3.3
- Cisco TelePresence TC Software 7.3.4
- Cisco TelePresence TC Software 7.3.5
Recommendations
Run all software as a nonprivileged user with minimal access rights.
When possible, run all software as a user with minimal privileges and limited access to system resources. Use additional precautions such as restrictive environments to insulate software that may potentially handle malicious content.
Deploy network intrusion detection systems to monitor network traffic for malicious activity.
Deploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.
Updates are available. Please see the references or vendor advisory for more information.