CVE-2014-0675 - Credentials Management vulnerability in Cisco Telepresence Video Communication Server
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | NONE |
Summary
The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | CISCO |
NASL id | CISCO_TELEPRESENCE_VIDEO_COMMUNICATION_SERVER_DEFAULT_SSL_CERT.NASL |
description | The X.509 certificate of the remote host is known to ship by default with the remote service / device. The private key for this cert has been published, therefore the SSL communications done with the remote host cannot be considered secret as anyone with the ability to snoop the traffic between the remote host and the clients could decipher the traffic or launch a man-in-the-middle attack. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72245 |
published | 2014-02-01 |
reporter | This script is Copyright (C) 2014-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/72245 |
title | Cisco TelePresence Video Communication Server Expressway Default SSL Certificate |
References
- http://osvdb.org/102377
- http://secunia.com/advisories/56621
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675
- http://tools.cisco.com/security/center/viewAlert.x?alertId=32540
- http://www.securityfocus.com/bid/65101
- http://www.securitytracker.com/id/1029682
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90650