Thursday, 5 May 2016

Cisco Patches Critical TelePresence Vulnerability

Cisco Systems announced that it has patched a critical flaw in its TelePresence equipment that allowed unauthorized parties to access the system through an API error. The networking giant also warned customers of a pair of high-risk denial-of-service vulnerabilities in its FirePOWER firewall hardware. The US Computer Emergency Readiness Team (US-CERT) issued a warning Wednesday and said Cisco has provided patches for the affected products.

The most serious defect is in the Cisco TelePresence XML application programming interface and allows attackers to bypass authentication on TelePresence EX, MX, SX and VX equipment.

Hackers with knowledge of the vulnerability are able to perform unauthorized configuration changes or issue control commands to TelePresence hardware running the affected software.

Cisco has published a patch for the TelePresence flaw (CVE-2016-1387). Cisco wrote: "The vulnerability is due to improper implementation of authentication mechanisms for the XML API of the affected software. An attacker could exploit the vulnerability by sending a designed HTTP request to the XML API."

Cisco also informed customers on Wednesday of two vulnerabilities rated high that could allow an attacker to launch denial-of-service (DoS) attacks. Both vulnerabilities are related to Cisco firewall hardware (ASA 5585-X FirePOWER SSP). One of the denial-of-service vulnerabilities (CVE-2016-1369) stems from a flaw in the logging settings of the FirePOWER System Software for the Adaptive Security Appliance.

According to Cisco, the error "could allow an unauthenticated remote attacker to cause a denial of service (DoS) condition due to the high consumption of system resources." Cisco says there is no workaround for the vulnerabilities and urged customers to download a free software update for the software in question.

The second vulnerability is also classified as high and is related to the packet processing functions of the firewall hardware (ASA 5585-X FirePOWER SSP). Cisco said the vulnerability (CVE-2016-1368) could allow a remote attacker to cause an affected firewall system to stop inspecting and processing packets, resulting in favorable conditions for a denial-of-service attack. "The vulnerability is due to improper packet handling by the affected software when the packets are transmitted through the sensor interfaces of an affected system. An attacker could exploit the vulnerability by sending handcrafted packets through a targeted system," Cisco wrote.

The specific products affected by the packet processing vulnerability are both Cisco's FirePOWER 7000 and 8000 model firewalls running FirePOWER System Software releases 5.3.0 through 5.3.0.6 and 5.4.0 through 5.4.0.3.
