CVE-2014-7991
N/A
N/A
Summary
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1031181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98574
- http://secunia.com/advisories/62267
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36381
- http://www.securityfocus.com/bid/71013
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991
References
- http://www.securitytracker.com/id/1031181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98574
- http://secunia.com/advisories/62267
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36381
- http://www.securityfocus.com/bid/71013
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.