var-201401-0339
Vulnerability from variot
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471. The issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201401-0339",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "telepresence video communication server",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "expressway"
},
{
"model": "telepresence video communication server software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "x7.0(.3)"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:telepresence_video_communication_server:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0675"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "65101"
}
],
"trust": 0.3
},
"cve": "CVE-2014-0675",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 6.4,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2014-0675",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-68168",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2014-0675",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201401-487",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-68168",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers\u0027 installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate\u0027s trust relationship, aka Bug ID CSCue07471. \nThe issue is documented by Cisco Bug ID CSCue07471. Cisco TelePresence Video Communication Server (VCS) is a telepresence video communication server of Cisco (Cisco), which can be integrated with unified communication and voice communication environment, so as to provide the best experience for end users using various communication tools",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "VULHUB",
"id": "VHN-68168"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-0675",
"trust": 2.8
},
{
"db": "BID",
"id": "65101",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1029682",
"trust": 1.1
},
{
"db": "SECUNIA",
"id": "56621",
"trust": 1.1
},
{
"db": "OSVDB",
"id": "102377",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487",
"trust": 0.7
},
{
"db": "CISCO",
"id": "20140122 CISCO TELEPRESENCE VIDEO COMMUNICATION SERVER EXPRESSWAY DEFAULT SSL CERTIFICATE VULNERABILITY",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-68168",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"id": "VAR-201401-0339",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:24:57.748000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675"
},
{
"title": "32540",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32540"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-255",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2014-0675"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/65101"
},
{
"trust": 1.1,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=32540"
},
{
"trust": 1.1,
"url": "http://osvdb.org/102377"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1029682"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/56621"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90650"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0675"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0675"
},
{
"trust": 0.3,
"url": "http://www.apple.com"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-68168"
},
{
"db": "BID",
"id": "65101"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-01-23T00:00:00",
"db": "VULHUB",
"id": "VHN-68168"
},
{
"date": "2014-01-22T00:00:00",
"db": "BID",
"id": "65101"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"date": "2014-01-23T04:41:16.097000",
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"date": "2014-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-08-29T00:00:00",
"db": "VULHUB",
"id": "VHN-68168"
},
{
"date": "2014-01-25T01:03:00",
"db": "BID",
"id": "65101"
},
{
"date": "2014-01-24T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-001233"
},
{
"date": "2017-08-29T01:34:15.090000",
"db": "NVD",
"id": "CVE-2014-0675"
},
{
"date": "2014-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco TelePresence Video Communication Server of Expressway Vulnerability in man-in-the-middle attacks in components",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-001233"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "trust management",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201401-487"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.