cnvd - cnvd-2015-08069

cnvd-2015-08069

Vulnerability from cnvd

Title: Cisco TelePresence Video Communication Server信息泄露漏洞

Description:

Cisco TelePresence是思科网真解决方案。

Cisco TelePresence Video Communication Server (VCS) X8.6对不同客户的安装使用了相同的密钥，这可使本地用户绕过加密保护机制。

Severity: 高

Patch Name: Cisco TelePresence Video Communication Server信息泄露漏洞的补丁

Patch Description:

Cisco TelePresence是思科网真解决方案。

Cisco TelePresence Video Communication Server (VCS) X8.6对不同客户的安装使用了相同的密钥，这可使本地用户绕过加密保护机制。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

Cisco已经为此发布了一个安全公告（cisco-sa-20151210-tvcs）以及相应补丁: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs

Reference: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs

Impacted products

Name
Cisco TelePresence Video Communication Server (VCS) x8.6

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-6414"
    }
  },
  "description": "Cisco TelePresence\u662f\u601d\u79d1\u7f51\u771f\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco TelePresence Video Communication Server (VCS) X8.6\u5bf9\u4e0d\u540c\u5ba2\u6237\u7684\u5b89\u88c5\u4f7f\u7528\u4e86\u76f8\u540c\u7684\u5bc6\u94a5\uff0c\u8fd9\u53ef\u4f7f\u672c\u5730\u7528\u6237\u7ed5\u8fc7\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002",
  "discovererName": "cisco",
  "formalWay": "Cisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20151210-tvcs\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-08069",
  "openTime": "2015-12-11",
  "patchDescription": "Cisco TelePresence\u662f\u601d\u79d1\u7f51\u771f\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\nCisco TelePresence Video Communication Server (VCS) X8.6\u5bf9\u4e0d\u540c\u5ba2\u6237\u7684\u5b89\u88c5\u4f7f\u7528\u4e86\u76f8\u540c\u7684\u5bc6\u94a5\uff0c\u8fd9\u53ef\u4f7f\u672c\u5730\u7528\u6237\u7ed5\u8fc7\u52a0\u5bc6\u4fdd\u62a4\u673a\u5236\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco TelePresence Video Communication Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco TelePresence Video Communication Server (VCS) x8.6"
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs",
  "serverity": "\u9ad8",
  "submitTime": "2015-12-10",
  "title": "Cisco TelePresence Video Communication Server\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}

CVE-2015-6414 (GCVE-0-2015-6414)

Vulnerability from cvelistv5

Published

2015-12-13 02:00

Modified

2024-08-06 07:22

Severity ?

CWE

Summary

Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516.

References

▼	URL	Tags
	http://www.securitytracker.com/id/1034429	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/79065	vdb-entry, x_refsource_BID
	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs	vendor-advisory, x_refsource_CISCO

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T07:22:21.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1034429",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1034429"
          },
          {
            "name": "79065",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/79065"
          },
          {
            "name": "20151210 Cisco TelePresence Video Communication Server Information Disclosure Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers\u0027 installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T14:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "1034429",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1034429"
        },
        {
          "name": "79065",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/79065"
        },
        {
          "name": "20151210 Cisco TelePresence Video Communication Server Information Disclosure Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-6414",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers\u0027 installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1034429",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1034429"
            },
            {
              "name": "79065",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/79065"
            },
            {
              "name": "20151210 Cisco TelePresence Video Communication Server Information Disclosure Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-6414",
    "datePublished": "2015-12-13T02:00:00",
    "dateReserved": "2015-08-17T00:00:00",
    "dateUpdated": "2024-08-06T07:22:21.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted