Cisco Systems is warning customers of a critical vulnerability affecting three of its TelePresence MCU platform models. The flaw could give attackers the ability to remotely execute code on impacted systems or create conditions favorable to a denial-of-service (DoS) attack. Affected systems are those running software version 4.3(1.68) or later configured for Passthrough content mode. The vulnerability (CVE-2017-3792) is tied to a proprietary device driver in the kernel of the. Cisco has issued two patches for MSE 8510 and 5300 Series users.
Source: https://threatpost.com/cisco-warns-of-critical-flaw-in-teleconferencing-gear/123435/