Rewterz Threat Alert – OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
June 25, 2019Rewterz Threat Advisory – CVE-2019-1845 – Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
June 26, 2019Rewterz Threat Alert – OpenSSH Now Encrypts Secret Keys in Memory Against Side-Channel Attacks
June 25, 2019Rewterz Threat Advisory – CVE-2019-1845 – Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability
June 26, 2019Severity
High
Analysis Summary
The vulnerability is due to insufficient input validation of received CDP packets. An attacker could exploit this vulnerability by sending crafted CDP packets to an affected device. A successful exploit could allow the attacker to execute arbitrary shell commands or scripts on the targeted device.
Impact
Execute arbitrary shell commands
Affected Vendors
Cisco
Affected Products
- Cisco TelePresence Integrator C Series
- Cisco TelePresence EX Series
- Cisco TelePresence MX Series
- Cisco TelePresence SX Series
- Cisco Webex Room Series
Remediation
Please see vendor’s advisory for the fixed patches.