The Mobile and Remote Access (MRA) component in Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7 and Expressway X8.1 through X8.6 mishandles certificates, which allows remote attackers to bypass authentication via an arbitrary trusted certificate, aka Bug ID CSCuz64601.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N |
| Primary | 2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| Hyperlink | Source | Resource |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs | psirt@cisco.com | Vendor Advisory |
| http://www.securityfocus.com/bid/91669 | psirt@cisco.com | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1036237 | psirt@cisco.com | Third Party Advisory VDB Entry |
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160706-vcs | af854a3a-2127-422b-91ae-364da2661108 | Vendor Advisory |
| http://www.securityfocus.com/bid/91669 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |
| http://www.securitytracker.com/id/1036237 | af854a3a-2127-422b-91ae-364da2661108 | Third Party Advisory VDB Entry |