CVE-2014-3274

Published: 26/05/2014 Updated: 07/09/2016
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.

Vulnerable Product

cisco telepresence system software 1.5.1(2082)

cisco telepresence system software 1.5.10(3648)

cisco telepresence system software 1.5.11(3659)

cisco telepresence system software 1.5.12(3701)

cisco telepresence system software 1.7.1(4864)

cisco telepresence system software 1.7.2(4937)

cisco telepresence system software 1.7.2.1(2)

cisco telepresence system software 1.7.4(270)

cisco telepresence system software 1.7.5(42)

cisco telepresence system software 1.9.3

cisco telepresence system software 1.9.3(44)

cisco telepresence system software 1.9.4

cisco telepresence system software 1.9.4(19)

cisco telepresence system software 1.10.3(41)

cisco telepresence system software 1.3.2(1393)

cisco telepresence system software 1.5.3(2115)

cisco telepresence system software 1.6.2(4023)

cisco telepresence system software 1.6.7(4212)

cisco telepresence system software 1.7.0.1(4764)

cisco telepresence system software 1.7.6(4)

cisco telepresence system software 1.8.1(34)

cisco telepresence system software 1.9.1(68)

cisco telepresence system software 1.9.2(19)

cisco telepresence system software 1.9.5

cisco telepresence system software 1.9.6

cisco telepresence system software 6.0.2(28)

cisco telepresence system software 6.0.0.1(4)

cisco telepresence system software 1.10.0

cisco telepresence system software 1.10.0(259)

cisco telepresence system software 1.10.1

cisco telepresence system software 1.10.1(43)

cisco telepresence system software 1.10.2(42)

cisco telepresence system software 1.6.3(4042)

cisco telepresence system software 1.6.4(4072)

cisco telepresence system software 1.6.5(4097)

cisco telepresence system software 1.6.6(4109)

cisco telepresence system software 1.8.3(4)

cisco telepresence system software 1.8.4(13)

cisco telepresence system software 1.8.5(4)

cisco telepresence system software 1.9.0(46)

cisco telepresence system software 1.9.6.1(3)

cisco telepresence system software 4.0.0

cisco telepresence system software

cisco telepresence system software 6.0.4(11)

cisco telepresence system software 6.0.3(33)

cisco telepresence system software 1.2.3(1101)

cisco telepresence system software 1.4.7(2229)

cisco telepresence system software 1.5.13(3717)

cisco telepresence system software 1.6.0(3954)

cisco telepresence system software 1.6.8(4222)

cisco telepresence system software 1.7.0.2(4719)

cisco telepresence system software 1.8.0(55)

cisco telepresence system software 1.8.2(11)

cisco telepresence system software 1.9.0.1(3)

cisco telepresence system software 1.9.2

cisco telepresence system software 1.9.5(7)

cisco telepresence system software 1.9.6(2)

cisco telepresence system software 6.0.1(50)

Vendor Advisories

A vulnerability in the code retrieving directory information of Cisco TelePresence System (CTS) could allow an unauthenticated, remote attacker to intercept and read the content of a directory transferred between the CTS and the Cisco Unified Communications Manager (Cisco UCM). The vulnerability is due to a failure to enforce HTTPS for transferri ...