CVE-2015-6414

Published: Dec 13, 2015Modified: May 6, 2026

2.1

Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 3.9 / Impact: 2.9

Source: NVD

Description

Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation, aka Bug ID CSCuw64516.

Affected (1)

Products: Cisco: Telepresence Video Communication Server Software

1 product

Telepresence Video Communication Server Software

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Telepresence Video Communication Server Software	Version x8.6

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/79065

Source: psirt@cisco.com

http://www.securitytracker.com/id/1034429

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-tvcs

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/79065

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034429

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.