CVE-2014-3274

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.

Severity	MEDIUM
CVSS	4.3
CWE	CWE-310
KEV
Published	11 years ago
Modified	1 week ago

Related Products

Product	Advisory	Evidence
Cisco Unified Communications Manager	Cisco-SA-20140522-CVE-2014-3274	Cisco OpenVuln
Cisco TelePresence System Software	Cisco-SA-20140522-CVE-2014-3274	Cisco OpenVuln
Cisco TelePresence	Cisco-SA-20140522-CVE-2014-3274	Cisco OpenVuln