Vulnerability Description
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Unified Communications Manager | <= 10.0(1) |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/62267
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991 (Vendor Advisory)
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36381 (Vendor Advisory)
- http://www.securityfocus.com/bid/71013
- http://www.securitytracker.com/id/1031181
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98574
FAQ
What is CVE-2014-7991?
CVE-2014-7991 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which a...
How severe is CVE-2014-7991?
CVE-2014-7991 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-7991?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Manager.