Lucene search

[email protected]CVE-2014-0675

HistoryJan 23, 2014 - 4:41 a.m.

CVE-2014-0675

2014-01-2304:41:16

CWE-255

[email protected]

web.nvd.nist.gov

cisco

telepresence

vcs

expressway

ssl

vulnerability

man-in-the-middle

cve-2014-0675

nvd

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate’s trust relationship, aka Bug ID CSCue07471.

Affected configurations

NVD

Node

ciscotelepresence_video_communication_serverMatch-

CPENameOperatorVersion
cisco:telepresence_video_communication_servercisco telepresence video communication servereq-

CPE	Name	Operator	Version
cisco:telepresence_video_communication_server	cisco telepresence video communication server	eq	-

References

osvdb.org/102377

secunia.com/advisories/56621

tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675

tools.cisco.com/security/center/viewAlert.x?alertId=32540

www.securityfocus.com/bid/65101

www.securitytracker.com/id/1029682

exchange.xforce.ibmcloud.com/vulnerabilities/90650

6.7 Medium

AI Score

Confidence

Low

6.4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

72.7%

JSON

Related for CVE-2014-0675

cvelist1 cisco1 nessus1 prion1 nvd1