{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-05-21T00:00:00", "descriptions": [{"lang": "en", "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-09T12:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327"}, {"name": "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274"}, {"name": "1030272", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1030272"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2014-3274", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327", "refsource": "CONFIRM", "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327"}, {"name": "20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability", "refsource": "CISCO", "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274"}, {"name": "1030272", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1030272"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2014-3274", "datePublished": "2014-05-23T22:00:00", "dateReserved": "2014-05-07T00:00:00", "dateUpdated": "2014-06-09T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:telepresence_system_software:*:*:*:*:*:*:*:*", "matchCriteriaId": "89820E2D-120B-4E92-95FE-7D4072C915F6", "versionEndIncluding": "6.0.5\\(5\\)", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.2.3\\(1101\\):*:*:*:*:*:*:*", "matchCriteriaId": "12193063-0545-402F-87E6-61023184F5EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.3.2\\(1393\\):*:*:*:*:*:*:*", "matchCriteriaId": "90D72D8E-0826-4716-A2EE-B934150EC5F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.4.7\\(2229\\):*:*:*:*:*:*:*", "matchCriteriaId": "494F0584-197E-4892-BD58-B574DBD090FD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.5.1\\(2082\\):*:*:*:*:*:*:*", "matchCriteriaId": "DEAF862B-43D6-42A2-B710-ED803906F251", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.5.3\\(2115\\):*:*:*:*:*:*:*", "matchCriteriaId": "9FA3E247-E67F-4237-AF71-FEB0528EC35F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.5.10\\(3648\\):*:*:*:*:*:*:*", "matchCriteriaId": "C68D879E-4522-4069-84B7-ED7C511B9D05", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.5.11\\(3659\\):*:*:*:*:*:*:*", "matchCriteriaId": "3C97CD7F-1ED4-4F44-BC53-5CC3871915B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.5.12\\(3701\\):*:*:*:*:*:*:*", "matchCriteriaId": "45A3BE96-E4F8-4362-A18E-0EBCF4D65490", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.5.13\\(3717\\):*:*:*:*:*:*:*", "matchCriteriaId": "679CFA7C-60D4-4369-905F-B52DCD321603", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.0\\(3954\\):*:*:*:*:*:*:*", "matchCriteriaId": "90C4668B-CB7C-44EB-B352-DED7C252EAD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.2\\(4023\\):*:*:*:*:*:*:*", "matchCriteriaId": "6BDB4EBF-C8A1-4CE6-B377-C09983BF3A21", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.3\\(4042\\):*:*:*:*:*:*:*", "matchCriteriaId": "43DAFA6C-2A25-499D-B11B-801F9031F2A5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.4\\(4072\\):*:*:*:*:*:*:*", "matchCriteriaId": "456BF22C-3010-451F-853F-C46E94E954D2", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.5\\(4097\\):*:*:*:*:*:*:*", "matchCriteriaId": "B4A64D44-EC08-4601-93AC-6C02A4412D8C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.6\\(4109\\):*:*:*:*:*:*:*", "matchCriteriaId": "090FA16C-ABF2-4464-8219-D7A8917A7ECC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.7\\(4212\\):*:*:*:*:*:*:*", "matchCriteriaId": "774A9C95-8111-425B-A411-26F614384135", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.6.8\\(4222\\):*:*:*:*:*:*:*", "matchCriteriaId": "E6D1A003-6593-4934-8518-CC40F3F8ACE3", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.0.1\\(4764\\):*:*:*:*:*:*:*", "matchCriteriaId": "2B98FCCA-923C-4501-9B06-70CB3731F49A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.0.2\\(4719\\):*:*:*:*:*:*:*", "matchCriteriaId": "29E0E9FC-EF3F-470A-93A4-CC9C7A71F6EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.1\\(4864\\):*:*:*:*:*:*:*", "matchCriteriaId": "1AE77C52-E526-4B48-8EFA-5F5C59956308", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.2\\(4937\\):*:*:*:*:*:*:*", "matchCriteriaId": "BF620174-5C3E-43AF-8AEB-B9DD87F8C451", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.2.1\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "315EDAEC-3C60-445A-9613-23D38E8C2873", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.4\\(270\\):*:*:*:*:*:*:*", "matchCriteriaId": "551E171E-973F-47A5-8A7F-70062E76E9CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.5\\(42\\):*:*:*:*:*:*:*", "matchCriteriaId": "43DB9A3E-F495-4D22-874F-DDFB73C07534", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.7.6\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "2177AF2B-BF5C-431C-8899-88ECC4E91BC4", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.8.0\\(55\\):*:*:*:*:*:*:*", "matchCriteriaId": "F2DBBADC-6367-4F75-9F58-E42A05AC992C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.8.1\\(34\\):*:*:*:*:*:*:*", "matchCriteriaId": "CFEAB6C5-3B65-42D0-B597-0322D9F57C82", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.8.2\\(11\\):*:*:*:*:*:*:*", "matchCriteriaId": "FD609D6C-0DA9-4D5F-B2F0-88BCAFCB7959", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.8.3\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "62CBB917-651A-4EB8-842D-0BEA708A1BFB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.8.4\\(13\\):*:*:*:*:*:*:*", "matchCriteriaId": "8BBAAC16-A2BE-4D8D-8DEA-9FD4BDA7E17B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.8.5\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "8819E5D6-F369-4BD2-A816-94F7A919C4B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.0\\(46\\):*:*:*:*:*:*:*", "matchCriteriaId": "34508470-64C3-4A99-BBB0-169AFA3BE50B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.0.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "09D6BB57-FB29-4DBD-9974-7DE67695A416", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.1\\(68\\):*:*:*:*:*:*:*", "matchCriteriaId": "E6570B01-07EB-425B-91E7-70517889A462", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3BE52CFC-2DE3-4780-9471-BA2390070C78", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.2\\(19\\):*:*:*:*:*:*:*", "matchCriteriaId": "68710E69-4FD8-4FED-9D7B-CE7317982E2F", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "68884D7C-6F29-4435-8904-C684959C9D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.3\\(44\\):*:*:*:*:*:*:*", "matchCriteriaId": "00737930-5F3C-4274-9633-00B3837ED6BC", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "52DDA787-1F51-415A-BF59-B9EAAE69EA2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.4\\(19\\):*:*:*:*:*:*:*", "matchCriteriaId": "995E5365-B6C3-4A4A-9F14-EADD27C8B9B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "BABEE2DD-7C86-4BD0-9928-DC370D3F786B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.5\\(7\\):*:*:*:*:*:*:*", "matchCriteriaId": "20831FBF-99C9-4B02-A577-6D28CC2983DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "79C69EA5-F5D2-4DC7-BE08-F0CBA967A249", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.6\\(2\\):*:*:*:*:*:*:*", "matchCriteriaId": "34600183-7CCF-4424-8887-8EC9ADD1B09E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.9.6.1\\(3\\):*:*:*:*:*:*:*", "matchCriteriaId": "53734B19-352E-40F4-9A7C-E1A545B511FF", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4E70952-7132-4F2B-932F-56FAD2A89A96", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.10.0\\(259\\):*:*:*:*:*:*:*", "matchCriteriaId": "0B3E2221-6FA5-4ABB-9102-414430E4865B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "F861192D-6138-49D2-BF8A-2D10B863253A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.10.1\\(43\\):*:*:*:*:*:*:*", "matchCriteriaId": "5E6F9075-05E8-4B02-94C3-6AC2D36F5979", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.10.2\\(42\\):*:*:*:*:*:*:*", "matchCriteriaId": "93666603-82A3-4E19-9BD1-4B0F39390992", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:1.10.3\\(41\\):*:*:*:*:*:*:*", "matchCriteriaId": "9ED6E73D-7510-44DB-ADDB-9F757F90232E", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "4BF71FA2-B8FC-4AE7-A0FD-8A4FAA0FE510", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:6.0.0.1\\(4\\):*:*:*:*:*:*:*", "matchCriteriaId": "8C315F74-11D0-42EF-84F7-A9747A8C03E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:6.0.1\\(50\\):*:*:*:*:*:*:*", "matchCriteriaId": "18516CB9-5EE8-4CC3-ACC3-6A0DF29D1D4B", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:6.0.2\\(28\\):*:*:*:*:*:*:*", "matchCriteriaId": "A03B63BB-9DE1-41F9-A993-8295C368F611", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:6.0.3\\(33\\):*:*:*:*:*:*:*", "matchCriteriaId": "E32AA0A3-88AD-40D9-BF87-0DB0C1C7DADB", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:telepresence_system_software:6.0.4\\(11\\):*:*:*:*:*:*:*", "matchCriteriaId": "45697A1C-B866-4BFE-8311-C82DDCE0A5C1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326."}, {"lang": "es", "value": "Cisco TelePresence System (CTS) 6.0(.5)(5) y anteriores recurre a HTTP cuando ciertas sesiones HTTPS no pueden ser establecidas, lo que permite a atacantes man-in-the-middle obtener informaci\u00f3n sensible de directorio mediante el aprovechamiento de una posici\u00f3n de red entre CTS y Cisco Unified Communications Manager (UCM) para bloquear trafico HTTPS, tambi\u00e9n conocido como Bug ID CSCuj26326."}], "id": "CVE-2014-3274", "lastModified": "2016-09-07T17:04:08.590", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-05-26T00:25:31.407", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-3274"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=34327"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1030272"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}