Back to search
CVE-2014-7991
Published: Nov 14, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
1031181
vdb-entry
x_refsource_SECTRACK
cisco-ucm-cve20147991-spoofing(98574)
vdb-entry
x_refsource_XF
62267
third-party-advisory
x_refsource_SECUNIA
http://tools.cisco.com/security/center/viewAlert.x?alertId=36381
x_refsource_CONFIRM
71013
vdb-entry
x_refsource_BID
20141110 Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability
vendor-advisory
x_refsource_CISCO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now