CVE-2014-0675

Description

The Expressway component in Cisco TelePresence Video Communication Server (VCS) uses the same default X.509 certificate across different customers installations, which makes it easier for remote attackers to conduct man-in-the-middle attacks against SSL sessions by leveraging the certificates trust relationship, aka Bug ID CSCue07471.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

EPSS Score

Exploitation Probability

0.448

Associated Vulnerability

Vulnerability	OS Platform
Cisco TelePresence Video Communication Server Expressway Default SSL Certificate Vulnerability For Cisco TelePresence Video Communication Server Software	NCM
CVE-2014-0675	NCM

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-1706044	Security Update for Cisco TelePresence Video Communication Server Software X8.9.2

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234