CVE-2014-7991
First published: Fri Nov 14 2014(Updated: )
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unified Communications Manager | <=10.0\(1\) | |
| Cisco Unified Communications Manager | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/62267
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36381
- http://www.securityfocus.com/bid/71013
- http://www.securitytracker.com/id/1031181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98574
- collector/nvd-index
- agent/weakness
- agent/author
- agent/severity
- agent/references
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/cisco
- canonical/cisco unified communications manager
- version/cisco unified communications manager/10.0\(1\)
- version/cisco unified communications manager/10.0