Vulnerability in Cisco Telepresence_system_software

CVE-2014-3274

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network positio…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.004 (59.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Telepresence_system_software — versions 1.2.3\(1101\), 1.3.2\(1393\), 1.4.7\(2229\)
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

References

psirt@cisco.com (x_refsource_CONFIRM, Vendor Advisory)
20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
1030272 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)