Cisco TelePresence Video Communication Server Expressway Default SSL Certificate

medium Nessus Plugin ID 72245

Synopsis

The remote service is using a well-known SSL certificate whose private key has been published.

Description

The X.509 certificate presented by the remote host is known to ship by default with the remote service or device. The private key for this certificate has been published, so SSL communications with the remote host cannot be considered secret: anyone able to snoop on the traffic between the remote host and its clients could decrypt that traffic or launch a man-in-the-middle attack.

Solution

Purchase or generate a proper certificate for this service and replace the default certificate with it, or ask your vendor for a way to do so.

See Also

http://www.nessus.org/u?0770055f

https://tools.cisco.com/security/center/viewAlert.x?alertId=32540

Plugin Details

Severity: Medium

ID: 72245

File Name: cisco_telepresence_video_communication_server_default_ssl_cert.nasl

Version: 1.10

Type: remote

Family: CISCO

Published: 2/1/2014

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.5

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS Score Source: CVE-2014-0675

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/h:cisco:telepresence_video_communication_server, cpe:/a:cisco:telepresence_video_communication_server, cpe:/a:cisco:telepresence_video_communication_server_software

Required KB Items: SSL/Supported, Cisco/TelePresence_VCS/Version

Exploit Ease: No exploit is required

Vulnerability Publication Date: 1/22/2014

Reference Information

CVE: CVE-2014-0675

BID: 65101

CISCO-BUG-ID: CSCue07471