CVE-2014-0675

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers' installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificate's trust relationship, aka Bug ID CSCue07471.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.4 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 76%
VendorProductVersion
ciscotelepresence_video_communication_server
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/102377
http://secunia.com/advisories/56621
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675
http://tools.cisco.com/security/center/viewAlert.x?alertId=32540
http://www.securityfocus.com/bid/65101
http://www.securitytracker.com/id/1029682
https://exchange.xforce.ibmcloud.com/vulnerabilities/90650
http://osvdb.org/102377
http://secunia.com/advisories/56621
http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-0675
http://tools.cisco.com/security/center/viewAlert.x?alertId=32540
http://www.securityfocus.com/bid/65101
http://www.securitytracker.com/id/1029682
https://exchange.xforce.ibmcloud.com/vulnerabilities/90650