CVE-2014-0675

high

Description

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/90650

http://www.securitytracker.com/id/1029682

http://www.securityfocus.com/bid/65101

http://tools.cisco.com/security/center/viewAlert.x?alertId=32540

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675

http://secunia.com/advisories/56621

http://osvdb.org/102377

Details

Source: Mitre, NVD

Published: 2014-01-23

Updated: 2017-08-29

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High