CVE-2014-0675

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

he Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.

References

Link	Resource
http://osvdb.org/102377
http://secunia.com/advisories/56621
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=32540	Vendor Advisory
http://www.securityfocus.com/bid/65101	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029682	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90650
http://osvdb.org/102377
http://secunia.com/advisories/56621
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675	Vendor Advisory
http://tools.cisco.com/security/center/viewAlert.x?alertId=32540	Vendor Advisory
http://www.securityfocus.com/bid/65101	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1029682	Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/90650

Configurations

Configuration 1 (hide)

cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:02

Type	Values Removed	Values Added
References	~~() http://osvdb.org/102377 -~~	() http://osvdb.org/102377 -
References	~~() http://secunia.com/advisories/56621 -~~	() http://secunia.com/advisories/56621 -
References	~~() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675 - Vendor Advisory~~	() http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675 - Vendor Advisory
References	~~() http://tools.cisco.com/security/center/viewAlert.x?alertId=32540 - Vendor Advisory~~	() http://tools.cisco.com/security/center/viewAlert.x?alertId=32540 - Vendor Advisory
References	~~() http://www.securityfocus.com/bid/65101 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/65101 - Third Party Advisory, VDB Entry
References	~~() http://www.securitytracker.com/id/1029682 - Third Party Advisory, VDB Entry~~	() http://www.securitytracker.com/id/1029682 - Third Party Advisory, VDB Entry
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/90650 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/90650 -

Information

Published : 2014-01-23 04:41

Updated : 2025-04-11 00:51

NVD link : CVE-2014-0675

Mitre link : CVE-2014-0675

CVE.ORG link : CVE-2014-0675

JSON object : View

Products Affected

cisco

telepresence_video_communication_server

CWE

CWE-255

Credentials Management Errors

6.4 /10