The vulnerabilities are due to insufficient input validation of user-supplied inputs. An attacker could exploit these vulnerabilities to execute arbitrary code, obtain full control of an affected system, or upgrade the system to a vulnerable version. Cisco has released software updates to fix these vulnerabilities. End users who detect these attacks should immediately upgrade to the latest software versions. Cisco has announced plans to discontinue the Cisco Expressway Series and Cisco TelePresence Video Communication Server. If you currently use these products, you should contact your vendor to evaluate the availability of updated versions. Cisco has also announced plans to discontinue Cisco TelePresence Interoperability Program (VTIPP) endpoints. If you currently use Cisco VTIPP endpoints, you should contact your vendor to evaluate the availability of updated versions. Cisco has announced plans to discontinue the Cisco TelePresence Management (TMS) software. If you currently use Cisco TMS, you should contact your vendor to evaluate the availability of updated versions. Cisco has announced plans to discontinue Cisco TelePresence Application Programming Interface (TEAP) specifications. If you currently use Cisco TEAP, you should contact your vendor to evaluate the availability of updated versions. Cisco has announced plans to discontinue Cisco TelePresence Device (TDD) specifications
CVSS Matrix
Cisco has announced plans to discontinue five products, which include the Cisco Expressway Series and Cisco TelePresence Video Communication Server. This matrix provides a list of affected devices as well as associated CVE's.
The vulnerabilities are due to insufficient input validation of user-supplied inputs. An attacker could exploit these vulnerabilities to execute arbitrary code, obtain full control of an affected system, or upgrade the system to a vulnerable version. Cisco has released software updates to fix these vulnerabilities. End users who detect these attacks should immediately upgrade to the latest software versions. These announcements from Cisco mean that you must update your systems if you are using any Cisco products listed in this matrix.
Cisco has also announced plans to discontinue Cisco TelePresence Interoperability Program (VTIPP) endpoints. If you currently use Cisco VTIPP endpoints, you should contact your vendor to evaluate the availability of updated versions. These announcements from Cisco mean that you must update your systems if you are using any Cisco products listed in this matrix.
CSCve64982: Cisco TelePresence Software
Denial of Service Vulnerabilities
Cisco has announced plans to discontinue Cisco TelePresence Software Denial of Service Vulnerabilities. If you currently use the product, you should contact your vendor to evaluate the availability of updated versions.
Vulnerable Products
Cisco has announced plans to discontinue the following products:
- Cisco Expressway Series
- Cisco TelePresence Video Communication Server
Vulnerable Products
- Cisco Expressway Series
- Cisco TelePresence Video Communication Server
- Cisco TelePresence Interoperability Program (VTIPP) endpoints
- Cisco TelePresence Management (TMS) software
- Cisco TEAP specifications
- Cisco TEAP endpoints
- Cisco TelePresence Device (TDD) specifications
Vulnerable products
The Cisco Expressway Series and Cisco TelePresence Video Communication Server are vulnerable to these vulnerabilities. The Cisco TelePresence Interoperability Program (VTIPP) endpoints are vulnerable to these vulnerabilities. The Cisco TelePresence Management (TMS) software is vulnerable to these vulnerabilities. The Cisco TEAP specifications are vulnerable to these vulnerabilities. The Cisco TelePresence Device (TDD) specifications are vulnerable to these vulnerabilities
Timeline
Published on: 07/06/2022 21:15:00 UTC
Last modified on: 07/14/2022 15:12:00 UTC