Cisco TelePresence Collaboration Endpoint Software and RoomOS Software Denial of Service Vulnerability
Overview
Please be advised that Cisco announced the following medium-impact security vulnerability.
A vulnerability in the text rendering subsystem of Cisco TelePresence Collaboration Endpoint (CE) Software and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to insufficient validation of input received by an affected device. An attacker could exploit this vulnerability by getting the affected device to render crafted text, for example, a crafted meeting invitation. As indicated in the CVSS score, no user interaction, such as accepting the meeting invitation, is required. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
A full description of the vulnerability is available at the following link:
This vulnerability affects Cisco TelePresence CE Software and Cisco RoomOS Software, regardless of device configuration.
For information about which Cisco software releases are vulnerable, see the Fixed Software section of this advisory.
Fixed Software
Cisco considers any workarounds and mitigations (if applicable) to be temporary solutions until an upgrade to a fixed software release is available. To fully remediate this vulnerability and avoid future exposure as described in this advisory, Cisco strongly recommends that customers upgrade to the fixed software indicated in this advisory.