Cisco TelePresence Video Communication Server Expressway Default SSL Certificate

medium Nessus Plugin ID 72245


The remote service is using a well-known SSL certificate whose private key has been published.


The X.509 certificate of the remote host is known to ship by default with the remote service / device. The private key for this cert has been published, therefore the SSL communications done with the remote host cannot be considered secret as anyone with the ability to snoop the traffic between the remote host and the clients could decipher the traffic or launch a man-in-the-middle attack.


Purchase or generate a proper certificate for this service and replace it, or ask your vendor for a way to do so.

See Also

Plugin Details

Severity: Medium

ID: 72245

File Name: cisco_telepresence_video_communication_server_default_ssl_cert.nasl

Version: 1.10

Type: remote

Family: CISCO

Published: 2/1/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 2.5


Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2014-0675


Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/h:cisco:telepresence_video_communication_server, cpe:/a:cisco:telepresence_video_communication_server, cpe:/a:cisco:telepresence_video_communication_server_software

Required KB Items: SSL/Supported, Cisco/TelePresence_VCS/Version

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/22/2014

Reference Information

CVE: CVE-2014-0675

BID: 65101