cve-2014-3274
Vulnerability from cvelistv5
Published
2014-05-23 22:00
Modified
2024-08-06 10:35
Severity ?
Summary
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.
References
ykramarz@cisco.comhttp://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274Vendor Advisory
ykramarz@cisco.comhttp://tools.cisco.com/security/center/viewAlert.x?alertId=34327Vendor Advisory
ykramarz@cisco.comhttp://www.securitytracker.com/id/1030272Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://tools.cisco.com/security/center/viewAlert.x?alertId=34327Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1030272Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:35:57.154Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327"
          },
          {
            "name": "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274"
          },
          {
            "name": "1030272",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1030272"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-05-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-06-09T12:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327"
        },
        {
          "name": "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274"
        },
        {
          "name": "1030272",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1030272"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2014-3274",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327",
              "refsource": "CONFIRM",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327"
            },
            {
              "name": "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274"
            },
            {
              "name": "1030272",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1030272"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2014-3274",
    "datePublished": "2014-05-23T22:00:00",
    "dateReserved": "2014-05-07T00:00:00",
    "dateUpdated": "2024-08-06T10:35:57.154Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"6.0.5\\\\(5\\\\)\", \"matchCriteriaId\": \"89820E2D-120B-4E92-95FE-7D4072C915F6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.2.3\\\\(1101\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"12193063-0545-402F-87E6-61023184F5EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.3.2\\\\(1393\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90D72D8E-0826-4716-A2EE-B934150EC5F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.4.7\\\\(2229\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"494F0584-197E-4892-BD58-B574DBD090FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.1\\\\(2082\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEAF862B-43D6-42A2-B710-ED803906F251\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.3\\\\(2115\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FA3E247-E67F-4237-AF71-FEB0528EC35F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.10\\\\(3648\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C68D879E-4522-4069-84B7-ED7C511B9D05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.11\\\\(3659\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C97CD7F-1ED4-4F44-BC53-5CC3871915B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.12\\\\(3701\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45A3BE96-E4F8-4362-A18E-0EBCF4D65490\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.5.13\\\\(3717\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"679CFA7C-60D4-4369-905F-B52DCD321603\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.0\\\\(3954\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"90C4668B-CB7C-44EB-B352-DED7C252EAD6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.2\\\\(4023\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BDB4EBF-C8A1-4CE6-B377-C09983BF3A21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.3\\\\(4042\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43DAFA6C-2A25-499D-B11B-801F9031F2A5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.4\\\\(4072\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"456BF22C-3010-451F-853F-C46E94E954D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.5\\\\(4097\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4A64D44-EC08-4601-93AC-6C02A4412D8C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.6\\\\(4109\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"090FA16C-ABF2-4464-8219-D7A8917A7ECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.7\\\\(4212\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"774A9C95-8111-425B-A411-26F614384135\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.6.8\\\\(4222\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6D1A003-6593-4934-8518-CC40F3F8ACE3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.0.1\\\\(4764\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B98FCCA-923C-4501-9B06-70CB3731F49A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.0.2\\\\(4719\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"29E0E9FC-EF3F-470A-93A4-CC9C7A71F6EC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.1\\\\(4864\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1AE77C52-E526-4B48-8EFA-5F5C59956308\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.2\\\\(4937\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF620174-5C3E-43AF-8AEB-B9DD87F8C451\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.2.1\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"315EDAEC-3C60-445A-9613-23D38E8C2873\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.4\\\\(270\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"551E171E-973F-47A5-8A7F-70062E76E9CD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.5\\\\(42\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"43DB9A3E-F495-4D22-874F-DDFB73C07534\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.7.6\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2177AF2B-BF5C-431C-8899-88ECC4E91BC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.8.0\\\\(55\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F2DBBADC-6367-4F75-9F58-E42A05AC992C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.8.1\\\\(34\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFEAB6C5-3B65-42D0-B597-0322D9F57C82\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.8.2\\\\(11\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FD609D6C-0DA9-4D5F-B2F0-88BCAFCB7959\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.8.3\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"62CBB917-651A-4EB8-842D-0BEA708A1BFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.8.4\\\\(13\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8BBAAC16-A2BE-4D8D-8DEA-9FD4BDA7E17B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.8.5\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8819E5D6-F369-4BD2-A816-94F7A919C4B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.0\\\\(46\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34508470-64C3-4A99-BBB0-169AFA3BE50B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.0.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09D6BB57-FB29-4DBD-9974-7DE67695A416\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.1\\\\(68\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E6570B01-07EB-425B-91E7-70517889A462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3BE52CFC-2DE3-4780-9471-BA2390070C78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.2\\\\(19\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68710E69-4FD8-4FED-9D7B-CE7317982E2F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68884D7C-6F29-4435-8904-C684959C9D4D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.3\\\\(44\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00737930-5F3C-4274-9633-00B3837ED6BC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"52DDA787-1F51-415A-BF59-B9EAAE69EA2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.4\\\\(19\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"995E5365-B6C3-4A4A-9F14-EADD27C8B9B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BABEE2DD-7C86-4BD0-9928-DC370D3F786B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.5\\\\(7\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20831FBF-99C9-4B02-A577-6D28CC2983DD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"79C69EA5-F5D2-4DC7-BE08-F0CBA967A249\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.6\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"34600183-7CCF-4424-8887-8EC9ADD1B09E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.9.6.1\\\\(3\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53734B19-352E-40F4-9A7C-E1A545B511FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4E70952-7132-4F2B-932F-56FAD2A89A96\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.10.0\\\\(259\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0B3E2221-6FA5-4ABB-9102-414430E4865B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F861192D-6138-49D2-BF8A-2D10B863253A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.10.1\\\\(43\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5E6F9075-05E8-4B02-94C3-6AC2D36F5979\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.10.2\\\\(42\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"93666603-82A3-4E19-9BD1-4B0F39390992\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:1.10.3\\\\(41\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9ED6E73D-7510-44DB-ADDB-9F757F90232E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4BF71FA2-B8FC-4AE7-A0FD-8A4FAA0FE510\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:6.0.0.1\\\\(4\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C315F74-11D0-42EF-84F7-A9747A8C03E1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:6.0.1\\\\(50\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18516CB9-5EE8-4CC3-ACC3-6A0DF29D1D4B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:6.0.2\\\\(28\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A03B63BB-9DE1-41F9-A993-8295C368F611\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:6.0.3\\\\(33\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E32AA0A3-88AD-40D9-BF87-0DB0C1C7DADB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cisco:telepresence_system_software:6.0.4\\\\(11\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"45697A1C-B866-4BFE-8311-C82DDCE0A5C1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.\"}, {\"lang\": \"es\", \"value\": \"Cisco TelePresence System (CTS) 6.0(.5)(5) y anteriores recurre a HTTP cuando ciertas sesiones HTTPS no pueden ser establecidas, lo que permite a atacantes man-in-the-middle obtener informaci\\u00f3n sensible de directorio mediante el aprovechamiento de una posici\\u00f3n de red entre CTS y Cisco Unified Communications Manager (UCM) para bloquear trafico HTTPS, tambi\\u00e9n conocido como Bug ID CSCuj26326.\"}]",
      "id": "CVE-2014-3274",
      "lastModified": "2024-11-21T02:07:46.323",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-05-26T00:25:31.407",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=34327\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1030272\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=34327\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securitytracker.com/id/1030272\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-3274\",\"sourceIdentifier\":\"ykramarz@cisco.com\",\"published\":\"2014-05-26T00:25:31.407\",\"lastModified\":\"2024-11-21T02:07:46.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.\"},{\"lang\":\"es\",\"value\":\"Cisco TelePresence System (CTS) 6.0(.5)(5) y anteriores recurre a HTTP cuando ciertas sesiones HTTPS no pueden ser establecidas, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible de directorio mediante el aprovechamiento de una posici\u00f3n de red entre CTS y Cisco Unified Communications Manager (UCM) para bloquear trafico HTTPS, tambi\u00e9n conocido como Bug ID CSCuj26326.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"6.0.5\\\\(5\\\\)\",\"matchCriteriaId\":\"89820E2D-120B-4E92-95FE-7D4072C915F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.2.3\\\\(1101\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"12193063-0545-402F-87E6-61023184F5EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.3.2\\\\(1393\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90D72D8E-0826-4716-A2EE-B934150EC5F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.4.7\\\\(2229\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"494F0584-197E-4892-BD58-B574DBD090FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.1\\\\(2082\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEAF862B-43D6-42A2-B710-ED803906F251\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.3\\\\(2115\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FA3E247-E67F-4237-AF71-FEB0528EC35F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.10\\\\(3648\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C68D879E-4522-4069-84B7-ED7C511B9D05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.11\\\\(3659\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C97CD7F-1ED4-4F44-BC53-5CC3871915B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.12\\\\(3701\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A3BE96-E4F8-4362-A18E-0EBCF4D65490\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.5.13\\\\(3717\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"679CFA7C-60D4-4369-905F-B52DCD321603\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.0\\\\(3954\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90C4668B-CB7C-44EB-B352-DED7C252EAD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.2\\\\(4023\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BDB4EBF-C8A1-4CE6-B377-C09983BF3A21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.3\\\\(4042\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43DAFA6C-2A25-499D-B11B-801F9031F2A5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.4\\\\(4072\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"456BF22C-3010-451F-853F-C46E94E954D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.5\\\\(4097\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A64D44-EC08-4601-93AC-6C02A4412D8C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.6\\\\(4109\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"090FA16C-ABF2-4464-8219-D7A8917A7ECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.7\\\\(4212\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"774A9C95-8111-425B-A411-26F614384135\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.6.8\\\\(4222\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6D1A003-6593-4934-8518-CC40F3F8ACE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.0.1\\\\(4764\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B98FCCA-923C-4501-9B06-70CB3731F49A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.0.2\\\\(4719\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29E0E9FC-EF3F-470A-93A4-CC9C7A71F6EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.1\\\\(4864\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1AE77C52-E526-4B48-8EFA-5F5C59956308\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.2\\\\(4937\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF620174-5C3E-43AF-8AEB-B9DD87F8C451\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.2.1\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"315EDAEC-3C60-445A-9613-23D38E8C2873\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.4\\\\(270\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"551E171E-973F-47A5-8A7F-70062E76E9CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.5\\\\(42\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43DB9A3E-F495-4D22-874F-DDFB73C07534\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.7.6\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2177AF2B-BF5C-431C-8899-88ECC4E91BC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.8.0\\\\(55\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2DBBADC-6367-4F75-9F58-E42A05AC992C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.8.1\\\\(34\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFEAB6C5-3B65-42D0-B597-0322D9F57C82\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.8.2\\\\(11\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD609D6C-0DA9-4D5F-B2F0-88BCAFCB7959\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.8.3\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"62CBB917-651A-4EB8-842D-0BEA708A1BFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.8.4\\\\(13\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8BBAAC16-A2BE-4D8D-8DEA-9FD4BDA7E17B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.8.5\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8819E5D6-F369-4BD2-A816-94F7A919C4B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.0\\\\(46\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34508470-64C3-4A99-BBB0-169AFA3BE50B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.0.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09D6BB57-FB29-4DBD-9974-7DE67695A416\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.1\\\\(68\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6570B01-07EB-425B-91E7-70517889A462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BE52CFC-2DE3-4780-9471-BA2390070C78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.2\\\\(19\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68710E69-4FD8-4FED-9D7B-CE7317982E2F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68884D7C-6F29-4435-8904-C684959C9D4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.3\\\\(44\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00737930-5F3C-4274-9633-00B3837ED6BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DDA787-1F51-415A-BF59-B9EAAE69EA2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.4\\\\(19\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"995E5365-B6C3-4A4A-9F14-EADD27C8B9B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BABEE2DD-7C86-4BD0-9928-DC370D3F786B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.5\\\\(7\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20831FBF-99C9-4B02-A577-6D28CC2983DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79C69EA5-F5D2-4DC7-BE08-F0CBA967A249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.6\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"34600183-7CCF-4424-8887-8EC9ADD1B09E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.9.6.1\\\\(3\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53734B19-352E-40F4-9A7C-E1A545B511FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4E70952-7132-4F2B-932F-56FAD2A89A96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.10.0\\\\(259\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B3E2221-6FA5-4ABB-9102-414430E4865B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F861192D-6138-49D2-BF8A-2D10B863253A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.10.1\\\\(43\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E6F9075-05E8-4B02-94C3-6AC2D36F5979\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.10.2\\\\(42\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93666603-82A3-4E19-9BD1-4B0F39390992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:1.10.3\\\\(41\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9ED6E73D-7510-44DB-ADDB-9F757F90232E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BF71FA2-B8FC-4AE7-A0FD-8A4FAA0FE510\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:6.0.0.1\\\\(4\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C315F74-11D0-42EF-84F7-A9747A8C03E1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:6.0.1\\\\(50\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18516CB9-5EE8-4CC3-ACC3-6A0DF29D1D4B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:6.0.2\\\\(28\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A03B63BB-9DE1-41F9-A993-8295C368F611\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:6.0.3\\\\(33\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32AA0A3-88AD-40D9-BF87-0DB0C1C7DADB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cisco:telepresence_system_software:6.0.4\\\\(11\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45697A1C-B866-4BFE-8311-C82DDCE0A5C1\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=34327\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1030272\",\"source\":\"ykramarz@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=34327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1030272\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.