Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveCiscoCVE-2014-7991
HistoryNov 14, 2014 - 12:59 a.m.

CVE-2014-7991

2014-11-1400:59:03
CWE-310
cisco
web.nvd.nist.gov
24
cisco
unified communications manager
cm
remote mobile access subsystem
x.509 certificate
san
man-in-the-middle attack
vcs core devices
certification authority
cve-2014-7991
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

45.0%

JSON

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.

Affected configurations

Nvd
Node
ciscounified_communications_managerRange10.0\(1\)
OR
ciscounified_communications_managerMatch10.0
VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
ciscounified_communications_manager10.0cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*

Related

nessus 1
nvd 1
cisco 1
cvelist 1
prion 1
nessus
nessus
Cisco Unified Communications Manager TLS SAN Field MitM (CSCuq86376)
2014-12-29 00:00:00
nvd
nvd
CVE-2014-7991
2014-11-14 00:59:03
cisco
cisco
Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability
2014-11-11 15:49:48
cvelist
cvelist
CVE-2014-7991
2014-11-14 00:00:00
prion
prion
Design/Logic Flaw
2014-11-14 00:59:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

45.0%

JSON
Related for CVE-2014-7991
nessus1nvd1cisco1cvelist1prion1