CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
45.0%
A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device.
The vulnerability is due to improper validation of the SAN field of a TLS certificate. An attacker could exploit this vulnerability by impersonating a VCS core device and supplying a certificate signed by a certificate authority trusted by the Cisco Unified CM that contains crafted values in the SAN field.
Cisco has confirmed the vulnerability in a security notice and released software updates.
To exploit this vulnerability, an attacker may need to access a trusted, internal network, impersonate a VCS Core device, and supply a certificate signed by a trusted certificate authority of the targeted device. These requirements may reduce the likelihood of a successful exploit.
Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | unified_communications_manager | any | cpe:2.3:a:cisco:unified_communications_manager:any:*:*:*:*:*:*:* |