The vulnerability in TFTP in Cisco TelePresence Video Communication Server (VCS) Expressway could allow an authenticated, remote attacker to obtain unauthorized access to configuration files from the device by using TFTP.
Updates are not available. Administrators are advised to:
- contact the vendor regarding future updates and releases
- allow only trusted users to have network access,
- allow only privileged users to access administration or management systems,
- monitor affected systems.
Vulnerability Alert Information is available here – http://tools.cisco.com/security/center/viewAlert.x?alertId=40620