VAR-201401-0339
Vulnerability from variot - Updated: 2023-12-18 13:24The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. The issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "expressway"
},
{
"model": "telepresence video communication server software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "x7.0(.3)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0675"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "65101"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0675",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-68168",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0675",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-487",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68168",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471. \nThe issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "VULHUB",
"id": "VHN-68168"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0675",
"trust": 2.8
},
{
"db": "BID",
"id": "65101",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1029682",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56621",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "102377",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20140122 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER EXPRESSWAY DEFAULT SSL CERTIFICATE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-68168",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"id": "VAR-201401-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:24:57.748000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675"
},
{
"title": "32540",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32540"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65101"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32540"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102377"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029682"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56621"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0675"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0675"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-68168"
},
{
"date": "2014-01-22T00:00:00",
"db": "BID",
"id": "65101"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"date": "2014-01-23T04:41:16.097000",
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"date": "2014-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-68168"
},
{
"date": "2014-01-25T01:03:00",
"db": "BID",
"id": "65101"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"date": "2017-08-29T01:34:15.090000",
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"date": "2014-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Video Communication Server of Expressway Vulnerability in man-in-the-middle attacks in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…