CVE-2014-7991

medium Cisco
CVSS v3 Base Score
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS Score
0.3%
Exploitation probability in 30 days
Top 48% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
M
Confidentiality
None
Integrity
P
Availability
None
Published: November 14, 2014 (4199 days ago)
Last Modified: May 6, 2026
Vendor: Cisco
Source: NVD

Description

The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.

CWE

CWE-310

Affected Products

cisco unified communications manager

References

🔗 secunia.com 🔗 tools.cisco.com 🔗 tools.cisco.com 🔗 www.securityfocus.com 🔗 www.securitytracker.com