Encryption Key Reuse in Cisco TelePresence Video Communication Server
CVE-2015-6414

Currently unrated

Key Information:

Vendor: Cisco
Status: Telepresence Video Communication Server Software
Vendor: CVE Published:; 13 December 2015

Summary

The Cisco TelePresence Video Communication Server X8.6 is affected by a vulnerability resulting from the use of the same encryption key across different customer installations. This key reuse introduces a significant security risk, as local users can potentially exploit knowledge of a cryptographic key from one installation to undermine protections on another. This flaw, identified as Bug ID CSCuw64516, exposes installations to information disclosure vulnerabilities.

References

http://www.securitytracker.com/id/1034429

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/79065

vdb-entryx_refsource_BID

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

Timeline

Vulnerability published
Dec 13, 2015
Vulnerability Reserved
Aug 17, 2015