Details of VAR-201405-0347

ID

VAR-201405-0347

CVE

CVE-2014-3274

TITLE

Cisco TelePresence System Vulnerability in obtaining important directory information

Trust: 0.8

sources: JVNDB: JVNDB-2014-002648

DESCRIPTION

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326. Cisco TelePresence is a Cisco TelePresence solution that delivers life-size ultra-high definition video (1080p), CD-quality audio, a specially designed environment, and interactive components that provide \"face-to-face\" for remote participants. Meeting experience. A remote information disclosure vulnerability exists in the Cisco TelePresence System that an attacker could use to obtain sensitive information or to deny legitimate users. Cisco TelePresence System is prone to a remote information-disclosure vulnerability. This may result in further attacks. This issue is tracked by Cisco Bug ID CSCuj26326. There is a security vulnerability in Cisco CTS 6.0(.5)(5) and earlier versions. The vulnerability is caused by the program not correctly implementing HTTPS in the transmission directory content

Trust: 2.52

sources: NVD: CVE-2014-3274 // JVNDB: JVNDB-2014-002648 // CNVD: CNVD-2014-03241 // BID: 67558 // VULHUB: VHN-71214

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2014-03241

AFFECTED PRODUCTS

vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.2\(4937\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.3\(4042\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.6\(4109\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.5\(4097\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.0.1\(4764\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.2.1\(2\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.7\(4212\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.0.2\(4719\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.1\(4864\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.8\(4222\)	Trust: 1.6
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.2.3\(1101\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.2\(11\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.5	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.0\(259\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.1	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.1\(2082\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.3	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.10\(3648\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.1\(43\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.3.2\(1393\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.3\(44\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.1\(50\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.11\(3659\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.2	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.4\(11\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.2\(4023\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.4\(13\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.0.1\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.2\(19\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.1\(34\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	6.0.5\(5\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.4\(270\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.0.1\(3\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.4	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.2\(28\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.3\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.0\(55\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.13\(3717\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.0\(46\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.8.5\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.3\(41\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.5\(42\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.1\(68\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.0\(3954\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.6\(2\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	6.0.3\(33\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.12\(3701\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.4.7\(2229\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.4\(19\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.5\(7\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.2\(42\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.5.3\(2115\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.10.0	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.6	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.6.4\(4072\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.7.6\(4\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	eq	version:	1.9.6.1\(3\)	Trust: 1.0
vendor:	cisco	model:	telepresence system software	scope:	lte	version:	6.0(.5)(5)	Trust: 0.8
vendor:	cisco	model:	telepresence systems	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2014-03241 // JVNDB: JVNDB-2014-002648 // CNNVD: CNNVD-201405-474 // NVD: CVE-2014-3274

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3274
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3274
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2014-03241
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201405-474
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71214
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3274
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2014-03241
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-71214
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2014-03241 // VULHUB: VHN-71214 // JVNDB: JVNDB-2014-002648 // CNNVD: CNNVD-201405-474 // NVD: CVE-2014-3274

PROBLEMTYPE DATA

problemtype:

CWE-310

Trust: 1.9

sources: VULHUB: VHN-71214 // JVNDB: JVNDB-2014-002648 // NVD: CVE-2014-3274

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201405-474

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201405-474

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-002648

PATCH

title:	Cisco TelePresence System Directory Information Disclosure Vulnerability	url:	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274	Trust: 0.8
title:	34327	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=34327	Trust: 0.8
title:	Patch for Cisco TelePresence System HTTPS Information Communication Disclosure Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/45862	Trust: 0.6

sources: CNVD: CNVD-2014-03241 // JVNDB: JVNDB-2014-002648

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3274	Trust: 3.4
db:	SECTRACK	id:	1030272	Trust: 1.1
db:	BID	id:	67558	Trust: 1.0
db:	JVNDB	id:	JVNDB-2014-002648	Trust: 0.8
db:	CNNVD	id:	CNNVD-201405-474	Trust: 0.7
db:	CNVD	id:	CNVD-2014-03241	Trust: 0.6
db:	CISCO	id:	20140521 CISCO TELEPRESENCE SYSTEM DIRECTORY INFORMATION DISCLOSURE VULNERABILITY	Trust: 0.6
db:	VULHUB	id:	VHN-71214	Trust: 0.1

sources: CNVD: CNVD-2014-03241 // VULHUB: VHN-71214 // BID: 67558 // JVNDB: JVNDB-2014-002648 // CNNVD: CNNVD-201405-474 // NVD: CVE-2014-3274

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-3274	Trust: 1.7
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=34327	Trust: 1.7
url:	http://www.securitytracker.com/id/1030272	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3274	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3274	Trust: 0.8
url:	http://www.securityfocus.com/bid/67558	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2014-03241 // VULHUB: VHN-71214 // BID: 67558 // JVNDB: JVNDB-2014-002648 // CNNVD: CNNVD-201405-474 // NVD: CVE-2014-3274

CREDITS

Cisco

Trust: 0.3

sources: BID: 67558

SOURCES

db:	CNVD	id:	CNVD-2014-03241
db:	VULHUB	id:	VHN-71214
db:	BID	id:	67558
db:	JVNDB	id:	JVNDB-2014-002648
db:	CNNVD	id:	CNNVD-201405-474
db:	NVD	id:	CVE-2014-3274

LAST UPDATE DATE

2024-11-23T22:49:31.351000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2014-03241	date:	2014-05-26T00:00:00
db:	VULHUB	id:	VHN-71214	date:	2016-09-07T00:00:00
db:	BID	id:	67558	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-002648	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-474	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3274	date:	2024-11-21T02:07:46.323

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2014-03241	date:	2014-05-23T00:00:00
db:	VULHUB	id:	VHN-71214	date:	2014-05-26T00:00:00
db:	BID	id:	67558	date:	2014-05-21T00:00:00
db:	JVNDB	id:	JVNDB-2014-002648	date:	2014-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201405-474	date:	2014-05-28T00:00:00
db:	NVD	id:	CVE-2014-3274	date:	2014-05-26T00:25:31.407