Sign-up

ID

VAR-201401-0339


CVE

CVE-2014-0675


TITLE

Cisco TelePresence Video Communication Server of Expressway Vulnerability in man-in-the-middle attacks in components

Trust: 0.8

sources: JVNDB: JVNDB-2014-001233

DESCRIPTION

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. The issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools

Trust: 1.98

sources: NVD: CVE-2014-0675 // JVNDB: JVNDB-2014-001233 // BID: 65101 // VULHUB: VHN-68168

AFFECTED PRODUCTS

vendor:ciscomodel:telepresence video communication serverscope:eqversion: -

Trust: 1.6

vendor:ciscomodel:telepresence video communication serverscope:eqversion:expressway

Trust: 0.8

vendor:ciscomodel:telepresence video communication server softwarescope:lteversion:x7.0(.3)

Trust: 0.8

sources: JVNDB: JVNDB-2014-001233 // CNNVD: CNNVD-201401-487 // NVD: CVE-2014-0675

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-0675
value: MEDIUM

Trust: 1.0

NVD: CVE-2014-0675
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-487
value: MEDIUM

Trust: 0.6

VULHUB: VHN-68168
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-0675
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-68168
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-68168 // JVNDB: JVNDB-2014-001233 // CNNVD: CNNVD-201401-487 // NVD: CVE-2014-0675

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-68168 // JVNDB: JVNDB-2014-001233 // NVD: CVE-2014-0675

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201401-487

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201401-487

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2014-001233

PATCH
title:Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerabilityurl:http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675
Trust: 0.8
title:32540url:http://tools.cisco.com/security/center/viewAlert.x?alertId=32540
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2014-001233

EXTERNAL IDS
db:NVDid:CVE-2014-0675
Trust: 2.8
db:BIDid:65101
Trust: 1.4
db:SECTRACKid:1029682
Trust: 1.1
db:SECUNIAid:56621
Trust: 1.1
db:OSVDBid:102377
Trust: 1.1
db:JVNDBid:JVNDB-2014-001233
Trust: 0.8
db:CNNVDid:CNNVD-201401-487
Trust: 0.7
db:CISCOid:20140122 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER EXPRESSWAY DEFAULT SSL CERTIFICATE VULNERABILITY
Trust: 0.6
db:VULHUBid:VHN-68168
Trust: 0.1
sources:
            
            
            VULHUB: VHN-68168 // 
            
            
            
            BID: 65101 // 
            
            
            
            JVNDB: JVNDB-2014-001233 // 
            
            
            
            CNNVD: CNNVD-201401-487 // 
            
            
            
            NVD: CVE-2014-0675

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675
Trust: 1.7
url:http://www.securityfocus.com/bid/65101
Trust: 1.1
url:http://tools.cisco.com/security/center/viewalert.x?alertid=32540
Trust: 1.1
url:http://osvdb.org/102377
Trust: 1.1
url:http://www.securitytracker.com/id/1029682
Trust: 1.1
url:http://secunia.com/advisories/56621
Trust: 1.1
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90650
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0675
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0675
Trust: 0.8
url:http://www.apple.com
Trust: 0.3
sources:
            
            
            VULHUB: VHN-68168 // 
            
            
            
            BID: 65101 // 
            
            
            
            JVNDB: JVNDB-2014-001233 // 
            
            
            
            CNNVD: CNNVD-201401-487 // 
            
            
            
            NVD: CVE-2014-0675

CREDITS
The vendor reported this issue.
Trust: 0.3
sources:
            
            
            BID: 65101

SOURCES
db:VULHUBid:VHN-68168
db:BIDid:65101
db:JVNDBid:JVNDB-2014-001233
db:CNNVDid:CNNVD-201401-487
db:NVDid:CVE-2014-0675

LAST UPDATE DATE
2024-11-23T22:52:54.080000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-68168date:2017-08-29T00:00:00
db:BIDid:65101date:2014-01-25T01:03:00
db:JVNDBid:JVNDB-2014-001233date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-487date:2014-01-27T00:00:00
db:NVDid:CVE-2014-0675date:2024-11-21T02:02:38.380

SOURCES RELEASE DATE
db:VULHUBid:VHN-68168date:2014-01-23T00:00:00
db:BIDid:65101date:2014-01-22T00:00:00
db:JVNDBid:JVNDB-2014-001233date:2014-01-24T00:00:00
db:CNNVDid:CNNVD-201401-487date:2014-01-27T00:00:00
db:NVDid:CVE-2014-0675date:2014-01-23T04:41:16.097