Lucene search

[email protected]CVE-2015-6414

HistoryDec 13, 2015 - 3:59 a.m.

CVE-2015-6414

2015-12-1303:59:08

CWE-200

[email protected]

web.nvd.nist.gov

cisco

vcs

telepresence

encryption key

vulnerability

nvd

cve-2015-6414

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers’ installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516.

Affected configurations

NVD

Node

ciscotelepresence_video_communication_server_softwareMatchx8.6

CPENameOperatorVersion
cisco:telepresence_video_communication_server_softwarecisco telepresence video communication server softwareeqx8.6

CPE	Name	Operator	Version
cisco:telepresence_video_communication_server_software	cisco telepresence video communication server software	eq	x8.6

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs

www.securityfocus.com/bid/79065

www.securitytracker.com/id/1034429

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2015-6414

cisco1 prion1 cvelist1 nvd1 openvas1