Back to search
CVE-2014-0675
Published: Jan 23, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://tools.cisco.com/security/center/viewAlert.x?alertId=32540
x_refsource_CONFIRM
65101
vdb-entry
x_refsource_BID
cisco-telepresence-cve20140675-mitm(90650)
vdb-entry
x_refsource_XF
56621
third-party-advisory
x_refsource_SECUNIA
102377
vdb-entry
x_refsource_OSVDB
20140122 Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability
vendor-advisory
x_refsource_CISCO
1029682
vdb-entry
x_refsource_SECTRACK
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now