CVE-2014-0675

Sažetak

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.

Reference

http://osvdb.org/102377
http://secunia.com/advisories/56621
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675
http://tools.cisco.com/security/center/viewAlert.x?alertId=32540
http://www.securityfocus.com/bid/65101
http://www.securitytracker.com/id/1029682
https://exchange.xforce.ibmcloud.com/vulnerabilities/90650

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

29-08-2017 - 01:34

Objavljeno

23-01-2014 - 04:41