CVE-2015-6284

Name of the Vulnerable Software and Affected Versions Cisco TelePresence Server software versions prior to 4.1(2.33) on 7010, MSE 8710, Multiparty Media 310 and 320, and Virtual Machine devices

Description The issue is related to a buffer overflow in the Conference Control Protocol API implementation. This allows remote attackers to cause a denial of service, resulting in a device crash, by sending a crafted URL.

Recommendations For versions prior to 4.1(2.33), update to version 4.1(2.33) or later to resolve the issue. As a temporary workaround, consider restricting access to the Conference Control Protocol API implementation to minimize the risk of exploitation.