Design/Logic Flaw
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager CM 10.01 and earlier does not properly validate the Subject Alternative Name SAN field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a...