SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Device (Embedded Server/Appliance)  >   Cisco Unified Computing System Vendors:   Cisco
Cisco Unified Computing System C-Series Servers SSL Certificate Validation Flaw Lets Remote Man-in-the-Middle Users Decrypt and Modify Communications
SecurityTracker Alert ID:  1032872
SecurityTracker URL:  http://securitytracker.com/id/1032872
CVE Reference:   CVE-2015-4259   (Links to External Site)
Date:  Jul 11 2015
Impact:   Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information
Vendor Confirmed:  Yes  
Version(s): 1.5(3), 1.6(0.16)
Description:   A vulnerability was reported in Cisco Unified Computing System C-Series Servers. A remote user can access and modify data communicated by the target system.

A remote user that can conduct a man-in-the-middle attack can exploit an SSL certificate validation flaw to decrypt communications and access and modify data sent to and from the target system.

The vendor has assigned bug IDs CSCum56133 and CSCum56177 to this vulnerability.

Impact:   A remote user that can conduct a man-in-the-middle attack can decrypt and modify communications.
Solution:   No solution was available at the time of this entry.

The vendor's advisory is available at:

http://tools.cisco.com/security/center/viewAlert.x?alertId=39803

Vendor URL:  tools.cisco.com/security/center/viewAlert.x?alertId=39803 (Links to External Site)
Cause:   Authentication error

Message History:   None.


 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC