CISCO-SA-20140123-CVE-2014-0675 (Cisco)
Jan 23, 2014 - 4:44 p.m.

Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability

2014-01-23 16:44:48
tools.cisco.com

CVSS2: 6.4 Medium (AV:N/AC:L/Au:N/C:P/I:P/A:N)

Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

EPSS: 0.004 Low (Percentile: 72.7%)

A vulnerability in the Cisco TelePresence Video Communication Server
(VCS) Expressway could allow an unauthenticated, remote attacker to
execute a man-in-the-middle (MITM) attack between one or more affected
devices.

The vulnerability occurs because the same default
SSL certificate is used across all Cisco TelePresence VCS Expressway devices. An attacker could
exploit this vulnerability by using the default SSL certificate
to intercept, decrypt, read, and write information between one or
more of the affected devices.

Cisco has confirmed the vulnerability in a security notice and released software updates.

Affected devices that an attacker could attempt to exploit are likely to be placed on trusted, internal networks behind firewall restrictions. An attacker may require access to such a network, which may reduce the likelihood of a successful exploit.
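A fleet check for the condition described above, as an added example that is not part of Cisco's advisory: it fingerprints the certificate each device presents and reports any certificate shared by more than one host. The hostnames and certificate bytes are constructed placeholders; in practice the PEM for each device could be fetched with `ssl.get_server_certificate((host, 443))`, where port 443 is an assumption.

```python
import hashlib
import ssl
from collections import defaultdict


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, so PEM line-ending or wrapping
    differences between devices do not hide an identical certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def shared_certificates(inventory):
    """Return {fingerprint: [hosts]} for certificates presented by 2+ hosts."""
    groups = defaultdict(list)
    for host, pem in inventory.items():
        groups[fingerprint(pem)].append(host)
    return {fp: sorted(h) for fp, h in groups.items() if len(h) > 1}


# Constructed sample data: the byte strings are placeholders, not real
# certificates. ssl.DER_cert_to_PEM_cert only base64-wraps them in PEM armor.
FACTORY_DEFAULT = ssl.DER_cert_to_PEM_cert(b"constructed-default-cert" * 8)
SITE_ISSUED = ssl.DER_cert_to_PEM_cert(b"constructed-unique-cert" * 8)

SAMPLE_INVENTORY = {
    "vcs-e-01.example.net": FACTORY_DEFAULT,
    # Same certificate, exported with CRLF line endings.
    "vcs-e-02.example.net": FACTORY_DEFAULT.replace("\n", "\r\n"),
    "vcs-e-03.example.net": SITE_ISSUED,
}


def report(inventory):
    """One line per certificate that is reused across hosts."""
    lines = []
    for fp, hosts in shared_certificates(inventory).items():
        lines.append(f"{fp[:16]}... shared by {', '.join(hosts)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_INVENTORY):
        print(line)
```

Hosts grouped under one fingerprint present the same public key and therefore rely on the same private key, which is the condition the advisory describes.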

Affected configurations

cisco telepresence_video_communication_server (match: any)
OR
cisco telepresence_video_communication_server (match: any)
