
CERT Coordination Center

Cisco Tandberg E, EX, and C Series default root credentials

Vulnerability Note VU#436854

Original Release Date: 2011-02-03 | Last Revised: 2011-02-03

Overview

Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password.

Description

Cisco Advisory cisco-sa-20110202-tandberg states:

"This vulnerability affects Tandberg C Series Endpoints and E/EX Personal Video units, including software that is running on the C20, C40, C60, C90, E20, EX60, and EX90 codecs. The software version of the Tandberg unit can be determined by logging into the web-based user interface (UI) or using the "xStatus SystemUnit" command.

Users can determine the Tandberg software version by entering the IP address of the codec in a web browser, authenticating (if the device is configured for authentication), and then selecting the "system info" menu option. The version number is displayed after the "Software Version" label in the System Info box.

Alternatively, the software version can be determined from the device's application programmer interface using the "xStatus SystemUnit" command. The software version running on the codec is displayed after the "SystemUnit Software Version" label. The output from "xStatus SystemUnit" will display a result similar to the following:"

    xStatus SystemUnit
    *s SystemUnit ProductType: "Cisco TelePresence Codec"
    *s SystemUnit ProductId: "Cisco TelePresence Codec C90"
    *s SystemUnit ProductPlatform: "C90"
    *s SystemUnit Uptime: 597095
    *s SystemUnit Software Application: "Endpoint"
    *s SystemUnit Software Version: "TC4.0"
    *s SystemUnit Software Name: "s52000"
    *s SystemUnit Software ReleaseDate: "2010-11-01"
    *s SystemUnit Software MaxVideoCalls: 3
    *s SystemUnit Software MaxAudioCalls: 4
    *s SystemUnit Software ReleaseKey: "true"
    *s SystemUnit Software OptionKeys NaturalPresenter: "true"
    *s SystemUnit Software OptionKeys MultiSite: "true"
    *s SystemUnit Software OptionKeys PremiumResolution: "true"
    *s SystemUnit Hardware Module SerialNumber: "B1AD25A00003"
    *s SystemUnit Hardware Module Identifier: "0"
    *s SystemUnit Hardware MainBoard SerialNumber: "PH0497201"
    *s SystemUnit Hardware MainBoard Identifier: "101401-3 [04]"
    *s SystemUnit Hardware VideoBoard SerialNumber: "PH0497874"
    *s SystemUnit Hardware VideoBoard Identifier: "101560-1 [02]"
    *s SystemUnit Hardware AudioBoard SerialNumber: "N/A"
    *s SystemUnit Hardware AudioBoard Identifier:
    *s SystemUnit Hardware BootSoftware: "U-Boot 2009.03-65"
    *s SystemUnit State System: Initialized
    *s SystemUnit State MaxNumberOfCalls: 3
    *s SystemUnit State MaxNumberOfActiveCalls: 3
    *s SystemUnit State NumberOfActiveCalls: 1
    *s SystemUnit State NumberOfSuspendedCalls: 0
    *s SystemUnit State NumberOfInProgressCalls: 0
    *s SystemUnit State Subsystem Application: Initialized
    *s SystemUnit ContactInfo: "helpdesk@company.com"
    ** end

Impact

An attacker may be able to gain complete administrative control of the device.

Solution

Apply an Update

Users should upgrade to version TC4.0.0 or later of the device software, disable the root account, and verify the administrator account has a password set. Updates are available from the Cisco Software Area.

Devices running software version TC4.0.0 or later

To disable the root account, an administrator should log in to the application programmer interface and use the command "systemtools rootsettings off" to temporarily disable the account, or the command "systemtools rootsettings never" to permanently disable the root user.

The root user is enabled for advanced debugging. If the root user is needed, the password should be configured when the account is enabled. This can be done through the command "systemtools rootsettings on [password]".

The default configuration of devices running TC4.0.0 does not contain a password for the administrator account. The password for the administrator account should be set with the command "xCommand SystemUnit AdminPassword Set Password: [password]".

Devices running software versions prior to TC4.0.0

The root user cannot be disabled on devices running software versions prior to TC4.0.0. The password for the root account is the same as the administrator password. The administrator password is set with the command "xCommand SystemUnit AdminPassword Set Password: [password]".
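The version check described under Description and the two remediation branches above, as an added example that is not part of this note or of Cisco's software: it parses "xStatus SystemUnit" output in the format shown, decides whether the unit is on a version prior to TC4.0.0, and lists the hardening commands this note gives for that branch. The sample output is constructed, and the TC version string format (TC<major>.<minor>[.<patch>]) is assumed from the example above.

```python
import re
from typing import Dict, Optional, Tuple

# Constructed sample in the "xStatus SystemUnit" format (not captured from a real device).
SAMPLE_XSTATUS = """\
*s SystemUnit ProductPlatform: "C90"
*s SystemUnit Software Application: "Endpoint"
*s SystemUnit Software Version: "TC3.1.4"
*s SystemUnit Hardware AudioBoard Identifier:
** end
"""

FIXED_VERSION = (4, 0, 0)  # TC4.0.0: first release in which root can be disabled
_STATUS_LINE = re.compile(r'^\*s SystemUnit (?P<key>[^:]+?):\s*(?P<value>.*)$')


def parse_system_unit(output: str) -> Dict[str, str]:
    """Map each '*s SystemUnit <key path>: <value>' line to {key path: value}."""
    fields: Dict[str, str] = {}
    for line in output.splitlines():
        m = _STATUS_LINE.match(line.strip())
        if not m:
            continue  # skips '** end' and any unexpected line
        key = " ".join(m.group("key").split())
        fields[key] = m.group("value").strip().strip('"')
    return fields


def parse_tc_version(text: str) -> Optional[Tuple[int, int, int]]:
    """'TC4.0' -> (4, 0, 0); None if the value is not a TC version string (assumed format)."""
    m = re.match(r"^TC(\d+(?:\.\d+)*)", text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")][:3]
    parts += [0] * (3 - len(parts))  # pad so TC4.0 compares equal to TC4.0.0
    return parts[0], parts[1], parts[2]


def assess(output: str) -> dict:
    """Classify a unit by its software version and list this note's hardening steps."""
    version = parse_tc_version(parse_system_unit(output).get("Software Version", ""))
    if version is None:
        return {"version": None, "pre_tc400": None,
                "actions": ["Version not found; check 'Software Version' in the web UI System Info box"]}
    pre_tc400 = version < FIXED_VERSION
    actions = ["xCommand SystemUnit AdminPassword Set Password: [password]"]  # no default on either branch
    if pre_tc400:  # root cannot be disabled and shares the admin password; upgrading is the fix
        actions.insert(0, "Upgrade to TC4.0.0 or later")
    else:
        actions.append("systemtools rootsettings never  (or 'off' if root is still needed for debugging)")
    return {"version": version, "pre_tc400": pre_tc400, "actions": actions}
```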

Vendor Information


Cisco Systems, Inc. Affected

Updated: February 03, 2011

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.



Acknowledgements

This document was written by Jared Allar.

Other Information

CVE IDs: CVE-2011-0354
Severity Metric: 99.00
Date Public: 2011-02-02
Date First Published: 2011-02-03
Date Last Updated: 2011-02-03 14:54 UTC
Document Revision: 14

Sponsored by CISA.