Cisco Patches Videoconferencing Security Flaws


Cisco recently published four separate advisories warning of a range of vulnerabilities in its TelePresence videoconferencing products that could enable remote code execution, denial of service, or execution of arbitrary commands on the underlying operating system.

"In all, Cisco alerted users to ten distinct security vulnerabilities in elements of its videoconferencing products ranging from the network switch that routes the service’s data to the endpoint hardware ... The revelations of security flaws in Cisco’s gear aren’t the first time executives have been warned about potential eavesdroppers on their conference table talks," writes Forbes' Andy Greenberg. "In January of this year, security researcher H.D. Moore revealed that Cisco competitor Polycom shipped its videoconferencing tech with an auto-answering functionality that would allow a hacker to spy through the company’s cameras at will."

"According to Cisco's advisories, the vulnerable components include the TelePresence Manager, Recording Server, Multipoint Switch and the TelePresence Immersive Endpoint System. ... Cisco has released a series of security patches to address the flaws and administrators are being advised to make sure that all of their TelePresence products are fully up-to-date," writes Shaun Nichols. "The patches are being offered by the company for free."

However, in the case of the Cisco TelePresence Recording Server, the advisory states, "There are currently no plans to resolve the malformed IP packets denial of service vulnerability, as this product is no longer being actively supported."