A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic. Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
The product does not validate, or incorrectly validates, a certificate.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Telepresence_video_communication_server | Cisco | x8.1 (including) | x8.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.1.1 (including) | x8.1.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.1.2 (including) | x8.1.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.2 (including) | x8.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.2.1 (including) | x8.2.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.2.2 (including) | x8.2.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.5 (including) | x8.5 (including) |
| Telepresence_video_communication_server | Cisco | x8.5.1 (including) | x8.5.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.5.2 (including) | x8.5.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.5.3 (including) | x8.5.3 (including) |
| Telepresence_video_communication_server | Cisco | x8.6 (including) | x8.6 (including) |
| Telepresence_video_communication_server | Cisco | x8.6.1 (including) | x8.6.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.7 (including) | x8.7 (including) |
| Telepresence_video_communication_server | Cisco | x8.7.1 (including) | x8.7.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.7.2 (including) | x8.7.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.7.3 (including) | x8.7.3 (including) |
| Telepresence_video_communication_server | Cisco | x8.8 (including) | x8.8 (including) |
| Telepresence_video_communication_server | Cisco | x8.8.1 (including) | x8.8.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.8.2 (including) | x8.8.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.8.3 (including) | x8.8.3 (including) |
| Telepresence_video_communication_server | Cisco | x8.9 (including) | x8.9 (including) |
| Telepresence_video_communication_server | Cisco | x8.9.1 (including) | x8.9.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.9.2 (including) | x8.9.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.10.0 (including) | x8.10.0 (including) |
| Telepresence_video_communication_server | Cisco | x8.10.1 (including) | x8.10.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.10.2 (including) | x8.10.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.10.3 (including) | x8.10.3 (including) |
| Telepresence_video_communication_server | Cisco | x8.10.4 (including) | x8.10.4 (including) |
| Telepresence_video_communication_server | Cisco | x8.11.0 (including) | x8.11.0 (including) |
| Telepresence_video_communication_server | Cisco | x8.11.1 (including) | x8.11.1 (including) |
| Telepresence_video_communication_server | Cisco | x8.11.2 (including) | x8.11.2 (including) |
| Telepresence_video_communication_server | Cisco | x8.11.3 (including) | x8.11.3 (including) |
| Telepresence_video_communication_server | Cisco | x8.11.4 (including) | x8.11.4 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.0 (including) | x12.5.0 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.1 (including) | x12.5.1 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.2 (including) | x12.5.2 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.3 (including) | x12.5.3 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.4 (including) | x12.5.4 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.5 (including) | x12.5.5 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.6 (including) | x12.5.6 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.7 (including) | x12.5.7 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.8 (including) | x12.5.8 (including) |
| Telepresence_video_communication_server | Cisco | x12.5.9 (including) | x12.5.9 (including) |
| Telepresence_video_communication_server | Cisco | x12.6.0 (including) | x12.6.0 (including) |
| Telepresence_video_communication_server | Cisco | x12.6.1 (including) | x12.6.1 (including) |
| Telepresence_video_communication_server | Cisco | x12.6.2 (including) | x12.6.2 (including) |
| Telepresence_video_communication_server | Cisco | x12.6.3 (including) | x12.6.3 (including) |
| Telepresence_video_communication_server | Cisco | x12.6.4 (including) | x12.6.4 (including) |
| Telepresence_video_communication_server | Cisco | x12.7.0 (including) | x12.7.0 (including) |
| Telepresence_video_communication_server | Cisco | x12.7.1 (including) | x12.7.1 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.0 (including) | x14.0.0 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.1 (including) | x14.0.1 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.2 (including) | x14.0.2 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.3 (including) | x14.0.3 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.4 (including) | x14.0.4 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.5 (including) | x14.0.5 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.6 (including) | x14.0.6 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.7 (including) | x14.0.7 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.8 (including) | x14.0.8 (including) |
| Telepresence_video_communication_server | Cisco | x14.0.9 (including) | x14.0.9 (including) |