Vulnerability Details : CVE-2014-7991
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
Products affected by CVE-2014-7991
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*
Threat overview for CVE-2014-7991
- Top open port discovered on systems with this issue: 22
- IPs affected by CVE-2014-7991: 2
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2014-7991
- EPSS score: 0.11% (probability of exploitation activity in the next 30 days)
- Percentile: ~45% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-7991
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-7991
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7991
- http://tools.cisco.com/security/center/viewAlert.x?alertId=36381
  Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98574
  Cisco Unified Communications Manager spoofing CVE-2014-7991 Vulnerability Report
- http://www.securitytracker.com/id/1031181
  Cisco Unified Communications Manager Remote Mobile Access Subsystem Certificate Validation Flaw Lets Remote Users Spoof the System - SecurityTracker
- http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991
  Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability (Vendor Advisory)
- http://www.securityfocus.com/bid/71013
  Cisco Unified Communications Manager TLS Certificate Validation Security Bypass Vulnerability