cvelistv5 - CVE-2014-0675

CVE-2014-0675

Vulnerability from cvelistv5

Published

2014-01-23 02:00

Modified

2024-08-06 09:27

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://osvdb.org/102377
ykramarz@cisco.com	http://secunia.com/advisories/56621
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=32540	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/65101	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1029682	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/90650
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/102377
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/56621
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=32540	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65101	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029682	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/90650

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:27:19.531Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
          },
          {
            "name": "65101",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65101"
          },
          {
            "name": "cisco-telepresence-cve20140675-mitm(90650)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
          },
          {
            "name": "56621",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56621"
          },
          {
            "name": "102377",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102377"
          },
          {
            "name": "20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
          },
          {
            "name": "1029682",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1029682"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
        },
        {
          "name": "65101",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65101"
        },
        {
          "name": "cisco-telepresence-cve20140675-mitm(90650)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
        },
        {
          "name": "56621",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56621"
        },
        {
          "name": "102377",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102377"
        },
        {
          "name": "20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
        },
        {
          "name": "1029682",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1029682"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0675",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
            },
            {
              "name": "65101",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65101"
            },
            {
              "name": "cisco-telepresence-cve20140675-mitm(90650)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
            },
            {
              "name": "56621",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56621"
            },
            {
              "name": "102377",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102377"
            },
            {
              "name": "20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
            },
            {
              "name": "1029682",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1029682"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-0675",
    "datePublished": "2014-01-23T02:00:00",
    "dateReserved": "2014-01-02T00:00:00",
    "dateUpdated": "2024-08-06T09:27:19.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"177FA398-F812-4E8D-99A3-3F7E0F690CE6\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471.\"}, {\"lang\": \"es\", \"value\": \"El componenete Expressway en Cisco TelePresence Video Communication Server (VCS) usa el mismo certificado X.509 por defecto a trav\\u00e9s de diferentes instalaciones de clientes, lo que hace m\\u00e1s sencillo para atacantes remotos llevar a cabo ataques de man-in-the-middle contra sesiones SSL mediante el aprovechamiento de la relaci\\u00f3n de confianza en el certificado, tambi\\u00e9n conocido como Bug ID CSCue07471.\"}]",
      "id": "CVE-2014-0675",
      "lastModified": "2024-11-21T02:02:38.380",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:N\", \"baseScore\": 6.4, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 4.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-01-23T04:41:16.097",
      "references": "[{\"url\": \"http://osvdb.org/102377\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://secunia.com/advisories/56621\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=32540\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/65101\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029682\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90650\", \"source\": \"ykramarz@cisco.com\"}, {\"url\": \"http://osvdb.org/102377\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/56621\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=32540\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/65101\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1029682\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/90650\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0675\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2014-01-23T04:41:16.097\",\"lastModified\":\"2024-11-21T02:02:38.380\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471.\"},{\"lang\":\"es\",\"value\":\"El componenete Expressway en Cisco TelePresence Video Communication Server (VCS) usa el mismo certificado X.509 por defecto a trav\u00e9s de diferentes instalaciones de clientes, lo que hace m\u00e1s sencillo para atacantes remotos llevar a cabo ataques de man-in-the-middle contra sesiones SSL mediante el aprovechamiento de la relaci\u00f3n de confianza en el certificado, tambi\u00e9n conocido como Bug ID CSCue07471.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:N\",\"baseScore\":6.4,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":4.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"177FA398-F812-4E8D-99A3-3F7E0F690CE6\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/102377\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://secunia.com/advisories/56621\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=32540\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/65101\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029682\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90650\",\"source\":\"ykramarz@cisco.com\"},{\"url\":\"http://osvdb.org/102377\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/56621\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=32540\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/65101\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1029682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/90650\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-8226-xx72-qrh6

Vulnerability from github

Published

2022-05-17 01:28

Modified

2022-05-17 01:28

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0675"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-01-23T04:41:00Z",
    "severity": "MODERATE"
  },
  "details": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471.",
  "id": "GHSA-8226-xx72-qrh6",
  "modified": "2022-05-17T01:28:30Z",
  "published": "2022-05-17T01:28:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0675"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
    },
    {
      "type": "WEB",
      "url": "http://osvdb.org/102377"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/56621"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/65101"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1029682"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2014-0675

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-0675

Aliases

CVE-2014-0675

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0675",
    "description": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471.",
    "id": "GSD-2014-0675"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0675"
      ],
      "details": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471.",
      "id": "GSD-2014-0675",
      "modified": "2023-12-13T01:22:43.967775Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2014-0675",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540",
            "refsource": "CONFIRM",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
          },
          {
            "name": "65101",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/65101"
          },
          {
            "name": "cisco-telepresence-cve20140675-mitm(90650)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
          },
          {
            "name": "56621",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/56621"
          },
          {
            "name": "102377",
            "refsource": "OSVDB",
            "url": "http://osvdb.org/102377"
          },
          {
            "name": "20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
          },
          {
            "name": "1029682",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1029682"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-0675"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-255"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
            },
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
            },
            {
              "name": "102377",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://osvdb.org/102377"
            },
            {
              "name": "65101",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/65101"
            },
            {
              "name": "1029682",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1029682"
            },
            {
              "name": "56621",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/56621"
            },
            {
              "name": "cisco-telepresence-cve20140675-mitm(90650)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:34Z",
      "publishedDate": "2014-01-23T04:41Z"
    }
  }
}

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. The issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0339",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "telepresence video communication server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "expressway"
      },
      {
        "model": "telepresence video communication server software",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "x7.0(.3)"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The vendor reported this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "65101"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0675",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 6.4,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2014-0675",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-68168",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2014-0675",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201401-487",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-68168",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471. \nThe issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "BID",
        "id": "65101"
      },
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0675",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "65101",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1029682",
        "trust": 1.1
      },
      {
        "db": "SECUNIA",
        "id": "56621",
        "trust": 1.1
      },
      {
        "db": "OSVDB",
        "id": "102377",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487",
        "trust": 0.7
      },
      {
        "db": "CISCO",
        "id": "20140122 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER EXPRESSWAY DEFAULT SSL CERTIFICATE VULNERABILITY",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-68168",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "db": "BID",
        "id": "65101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "id": "VAR-201401-0339",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T13:24:57.748000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675"
      },
      {
        "title": "32540",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32540"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-255",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/65101"
      },
      {
        "trust": 1.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32540"
      },
      {
        "trust": 1.1,
        "url": "http://osvdb.org/102377"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1029682"
      },
      {
        "trust": 1.1,
        "url": "http://secunia.com/advisories/56621"
      },
      {
        "trust": 1.1,
        "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0675"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0675"
      },
      {
        "trust": 0.3,
        "url": "http://www.apple.com"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "db": "BID",
        "id": "65101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "db": "BID",
        "id": "65101"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-01-23T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "date": "2014-01-22T00:00:00",
        "db": "BID",
        "id": "65101"
      },
      {
        "date": "2014-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "date": "2014-01-23T04:41:16.097000",
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "date": "2014-01-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2017-08-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-68168"
      },
      {
        "date": "2014-01-25T01:03:00",
        "db": "BID",
        "id": "65101"
      },
      {
        "date": "2014-01-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      },
      {
        "date": "2017-08-29T01:34:15.090000",
        "db": "NVD",
        "id": "CVE-2014-0675"
      },
      {
        "date": "2014-01-27T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco TelePresence Video Communication Server of  Expressway Vulnerability in man-in-the-middle attacks in components",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001233"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "trust management",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201401-487"
      }
    ],
    "trust": 0.6
  }
}

CVE-2014-0675

Vulnerability from fkie_nvd

Published

2014-01-23 04:41

Modified

2024-11-21 02:02

Severity ?

Summary

References

URL	Tags
ykramarz@cisco.com	http://osvdb.org/102377
ykramarz@cisco.com	http://secunia.com/advisories/56621
ykramarz@cisco.com	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675	Vendor Advisory
ykramarz@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=32540	Vendor Advisory
ykramarz@cisco.com	http://www.securityfocus.com/bid/65101	Third Party Advisory, VDB Entry
ykramarz@cisco.com	http://www.securitytracker.com/id/1029682	Third Party Advisory, VDB Entry
ykramarz@cisco.com	https://exchange.xforce.ibmcloud.com/vulnerabilities/90650
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/102377
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/56621
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=32540	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/65101	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1029682	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/90650

Impacted products

	Vendor	Product	Version
	cisco	telepresence_video_communication_server	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "177FA398-F812-4E8D-99A3-3F7E0F690CE6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471."
    },
    {
      "lang": "es",
      "value": "El componenete Expressway en Cisco TelePresence Video Communication Server (VCS) usa el mismo certificado X.509 por defecto a trav\u00e9s de diferentes instalaciones de clientes, lo que hace m\u00e1s sencillo para atacantes remotos llevar a cabo ataques de man-in-the-middle contra sesiones SSL mediante el aprovechamiento de la relaci\u00f3n de confianza en el certificado, tambi\u00e9n conocido como Bug ID CSCue07471."
    }
  ],
  "id": "CVE-2014-0675",
  "lastModified": "2024-11-21T02:02:38.380",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-01-23T04:41:16.097",
  "references": [
    {
      "source": "ykramarz@cisco.com",
      "url": "http://osvdb.org/102377"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "http://secunia.com/advisories/56621"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65101"
    },
    {
      "source": "ykramarz@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029682"
    },
    {
      "source": "ykramarz@cisco.com",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/102377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/56621"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32540"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/65101"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1029682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
    }
  ],
  "sourceIdentifier": "ykramarz@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-255"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-0675

Vulnerability from cvelistv5

ghsa-8226-xx72-qrh6

Vulnerability from github

gsd-2014-0675

Vulnerability from gsd

var-201401-0339

Vulnerability from variot

CVE-2014-0675

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature