CVE-2014-7991

2014-11-1400:59:03

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

45.0%

JSON

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.

Affected configurations

Nvd

Node

ciscounified_communications_managerRange≤10.0\(1\)

ciscounified_communications_managerMatch10.0

VendorProductVersionCPE
ciscounified_communications_manager*cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
ciscounified_communications_manager10.0cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	*	cpe:2.3:a:cisco:unified_communications_manager::::::::
cisco	unified_communications_manager	10.0	cpe:2.3:a:cisco:unified_communications_manager:10.0:::::::*