PT-2014-5170 · Cisco · Cisco Unified Communications Manager+1

Published: 2014-05-23 · Updated: 2016-09-07 · CVE-2014-3274

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Cisco TelePresence System (CTS) versions 6.0(.5)(5) and earlier

Description

The issue allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, causing the system to fall back to HTTP when certain HTTPS sessions cannot be established.

Recommendations

For Cisco TelePresence System (CTS) versions 6.0(.5)(5) and earlier, consider configuring the system to enforce HTTPS connections and restrict the use of HTTP to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

CVE-2014-3274

Affected Products

Cisco Telepresence System
Cisco Unified Communications Manager