Cisco Systems is warning customers of a critical vulnerability affecting three of its TelePresence MCU platform models. The flaw could give attackers the ability to remotely execute code on impacted systems or create conditions favorable to a denial-of-service (DoS) attack.
According to an advisory issued this week, the vulnerability (CVE-2017-3792) is tied to a proprietary device driver in the kernel of the Cisco TelePresence Multipoint Control Unit (MCU) Software used in platform models 4500, MSE 8510 and 5300 Series.
“The vulnerability is due to improper size validation when reassembling fragmented IPv4 or IPv6 packets,” wrote Cisco in its bulletin. Affected systems are those running software version 4.3(1.68) or later configured for “Passthrough” content mode.