Cisco patched a series of vulnerabilities in its TelePresence and Expressway products.
The most severe of the vulnerabilities is a critical remote code execution issue affecting the device driver in the kernel of Cisco TelePresence Multipoint Control Unit (MCU).
The flaw can end up leveraged by a remote, unauthenticated attacker to trigger a buffer overflow and execute arbitrary code or cause a denial-of-service (DoS).
The security hole affects TelePresence MCU 5300 Series, MCU MSE 8510 and MCU 4500 when running version 4.3(1.68) or later of the software. For those running versions prior to 4.3(1.68) they do not suffer from the issue. Users that do have the vulnerability should update to version 4.5(1.89).
Cisco TelePresence, mainly the Video Communications Server (VCS) software, also suffers from a DoS vulnerability that can end up exploited remotely without authentication. The same issue also affects the Expressway Series collaboration gateway.
The flaw exists in all versions of the Cisco Expressway Series and TelePresence VCS software prior to X8.8.2.