CVE-2014-3274

Severity
4.3 MEDIUM
EPSS
0.4%
top 40.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: May 26
Latest update: May 17

Description

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 1 package

🔴Vulnerability Details

2
GHSA
GHSA-5r36-q7mm-42xf: Cisco TelePresence System (CTS) 6 (2022-05-17)
CVEList
CVE-2014-3274: Cisco TelePresence System (CTS) 6 (2014-05-23)

📋Vendor Advisories

1
Cisco
Cisco TelePresence System Directory Information Disclosure Vulnerability (2014-05-22)