Lucene search
CiscoCVE-2014-0675HistoryJan 23, 2014 - 4:41 a.m.
CVE-2014-0675
2014-01-2304:41:16
CWE-255
cisco
web.nvd.nist.gov
28
cisco
telepresence
vcs
expressway
ssl
vulnerability
man-in-the-middle
cve-2014-0675
nvd
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.004
Percentile
72.7%
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers’ installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate’s trust relationship, aka Bug ID CSCue07471.
Affected configurations
Node
ciscotelepresence_video_communication_serverMatch-
| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | telepresence_video_communication_server | - | cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-0675
2014-01-23 02:00:00
cisco
cisco
nessus
nessus
prion
prion
Default credentials
2014-01-23 04:41:00
nvd
nvd
CVE-2014-0675
2014-01-23 04:41:16
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.7
Confidence
Low
EPSS
0.004
Percentile
72.7%
Related for CVE-2014-0675