Cisco has confirmed two products are affected by a critical remote code execution bug in Samba and is investigating whether other products are also vulnerable.
The company has published an advisory detailing the products confirmed to be vulnerable, those that are confirmed to be not, and others that are still under investigation.
The Cisco Network Analysis Module and the Cisco Video Surveillance Media Server are both confirmed to be affected by the Samba flaw.
Samba developers released a patch for the bug last week, which affected Linux distributions and Synology network attached storage devices.
Security firm Rapid7 warned there were over 210,000 endpoints running open on the internet on port 445 and port 139 that appeared to be running vulnerable versions of Samba.
Cisco has not released fixes for the two known vulnerable products, though it may have workarounds that are privately available to customers.
“Cisco is currently investigating its product line to determine which products may be affected by the vulnerability and the impact on each affected product,” it said.
There are several products currently under investigation, including the Cisco Identity Services Engine; the Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router; Cisco Common Services Platform Collector; and Cisco IP Interoperability and Collaboration System (IPICS).
It's also probing its video, streaming, TelePresence, and transcoding devices for the bug. These include:
• Cisco Expressway Series
• Cisco MXE 3500 Series Media Experience Engines
• Cisco TelePresence Video Communication Server (VCS)
• Cisco VDS Recorder
• Cisco VDS-TV Caching Nodes
• Cisco VDS-TV Streamer
• Cisco VDS-TV Vault
Cisco’s Talos security team has released two Snort rules to help customers detect exploitation of the Samba bug.
“As the investigation progresses, this document will be updated to include Cisco bug IDs for each affected product,” Cisco notes.