Directory Information Disclosure in Cisco TelePresence System by Cisco
CVE-2014-3274

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence System Software
Vendor: CVE Published:; 26 May 2014

Summary

The Cisco TelePresence System is susceptible to a directory information disclosure vulnerability that occurs when the system reverts to unencrypted HTTP during certain HTTPS session failures. This fallback allows man-in-the-middle attackers to intercept and collect sensitive directory information. By positioning themselves within the network traffic between the Cisco TelePresence System and the Cisco Unified Communications Manager, attackers can block HTTPS traffic, enabling unauthorized access to confidential data.

References

http://tools.cisco.com/security/center/viewAlert.x?alertI...

x_refsource_CONFIRM

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1030272

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
May 26, 2014
Vulnerability Reserved
May 7, 2014