Detections
Analytics

CVE-2014-7991

high

Description

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98574

http://www.securitytracker.com/id/1031181

http://www.securityfocus.com/bid/71013

http://tools.cisco.com/security/center/viewAlert.x?alertId=36381

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991

http://secunia.com/advisories/62267

Details

Source: Mitre, NVD

Published: 2014-11-14

Updated: 2017-09-08

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High