CVE-2014-3274 - 漏洞详情

CVE-2014-3274 (CNNVD-201405-474)

MEDIUM

中文标题:

Cisco TelePresence System 加密问题漏洞

英文标题:

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS session...

CVSS分数: 4.3

发布时间: 2014-05-23 22:00:00

漏洞类型: 加密问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Cisco TelePresence System（CTS）是美国思科（Cisco）公司的一套被称为网真系统的视频会议解决方案。该方案提供音频、视频空间等组件，可为远程参会者提供一个面对面的虚拟会议室效果。 Cisco CTS 6.0(.5)(5)及之前的版本中存在安全漏洞，该漏洞源于程序没有正确执行传输目录内容中的HTTPS。攻击者可通过阻止CTS和Cisco Unified Communications Manager (UCM)之间的HTTPS连接利用该漏洞实施中间人攻击，获取敏感的目录信息。

英文描述:

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory information by leveraging a network position between CTS and Cisco Unified Communications Manager (UCM) to block HTTPS traffic, aka Bug ID CSCuj26326.

CWE类型:

CWE-310

受影响产品

厂商	产品	版本	版本范围	平台	CPE
cisco	telepresence_system_software	*	-	-	`cpe:2.3:a:cisco:telepresence_system_software::::::::`
cisco	telepresence_system_software	1.2.3\(1101\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.2.3\(1101\):::::::*`
cisco	telepresence_system_software	1.3.2\(1393\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.3.2\(1393\):::::::*`
cisco	telepresence_system_software	1.4.7\(2229\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.4.7\(2229\):::::::*`
cisco	telepresence_system_software	1.5.1\(2082\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.5.1\(2082\):::::::*`
cisco	telepresence_system_software	1.5.3\(2115\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.5.3\(2115\):::::::*`
cisco	telepresence_system_software	1.5.10\(3648\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.5.10\(3648\):::::::*`
cisco	telepresence_system_software	1.5.11\(3659\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.5.11\(3659\):::::::*`
cisco	telepresence_system_software	1.5.12\(3701\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.5.12\(3701\):::::::*`
cisco	telepresence_system_software	1.5.13\(3717\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.5.13\(3717\):::::::*`
cisco	telepresence_system_software	1.6.0\(3954\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.0\(3954\):::::::*`
cisco	telepresence_system_software	1.6.2\(4023\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.2\(4023\):::::::*`
cisco	telepresence_system_software	1.6.3\(4042\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.3\(4042\):::::::*`
cisco	telepresence_system_software	1.6.4\(4072\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.4\(4072\):::::::*`
cisco	telepresence_system_software	1.6.5\(4097\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.5\(4097\):::::::*`
cisco	telepresence_system_software	1.6.6\(4109\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.6\(4109\):::::::*`
cisco	telepresence_system_software	1.6.7\(4212\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.7\(4212\):::::::*`
cisco	telepresence_system_software	1.6.8\(4222\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.6.8\(4222\):::::::*`
cisco	telepresence_system_software	1.7.0.1\(4764\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.0.1\(4764\):::::::*`
cisco	telepresence_system_software	1.7.0.2\(4719\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.0.2\(4719\):::::::*`
cisco	telepresence_system_software	1.7.1\(4864\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.1\(4864\):::::::*`
cisco	telepresence_system_software	1.7.2\(4937\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.2\(4937\):::::::*`
cisco	telepresence_system_software	1.7.2.1\(2\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.2.1\(2\):::::::*`
cisco	telepresence_system_software	1.7.4\(270\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.4\(270\):::::::*`
cisco	telepresence_system_software	1.7.5\(42\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.5\(42\):::::::*`
cisco	telepresence_system_software	1.7.6\(4\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.7.6\(4\):::::::*`
cisco	telepresence_system_software	1.8.0\(55\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.8.0\(55\):::::::*`
cisco	telepresence_system_software	1.8.1\(34\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.8.1\(34\):::::::*`
cisco	telepresence_system_software	1.8.2\(11\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.8.2\(11\):::::::*`
cisco	telepresence_system_software	1.8.3\(4\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.8.3\(4\):::::::*`
cisco	telepresence_system_software	1.8.4\(13\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.8.4\(13\):::::::*`
cisco	telepresence_system_software	1.8.5\(4\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.8.5\(4\):::::::*`
cisco	telepresence_system_software	1.9.0\(46\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.0\(46\):::::::*`
cisco	telepresence_system_software	1.9.0.1\(3\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.0.1\(3\):::::::*`
cisco	telepresence_system_software	1.9.1\(68\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.1\(68\):::::::*`
cisco	telepresence_system_software	1.9.2	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.2:::::::*`
cisco	telepresence_system_software	1.9.2\(19\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.2\(19\):::::::*`
cisco	telepresence_system_software	1.9.3	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.3:::::::*`
cisco	telepresence_system_software	1.9.3\(44\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.3\(44\):::::::*`
cisco	telepresence_system_software	1.9.4	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.4:::::::*`
cisco	telepresence_system_software	1.9.4\(19\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.4\(19\):::::::*`
cisco	telepresence_system_software	1.9.5	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.5:::::::*`
cisco	telepresence_system_software	1.9.5\(7\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.5\(7\):::::::*`
cisco	telepresence_system_software	1.9.6	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.6:::::::*`
cisco	telepresence_system_software	1.9.6\(2\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.6\(2\):::::::*`
cisco	telepresence_system_software	1.9.6.1\(3\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.9.6.1\(3\):::::::*`
cisco	telepresence_system_software	1.10.0	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.10.0:::::::*`
cisco	telepresence_system_software	1.10.0\(259\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.10.0\(259\):::::::*`
cisco	telepresence_system_software	1.10.1	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.10.1:::::::*`
cisco	telepresence_system_software	1.10.1\(43\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.10.1\(43\):::::::*`
cisco	telepresence_system_software	1.10.2\(42\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.10.2\(42\):::::::*`
cisco	telepresence_system_software	1.10.3\(41\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:1.10.3\(41\):::::::*`
cisco	telepresence_system_software	4.0.0	-	-	`cpe:2.3:a:cisco:telepresence_system_software:4.0.0:::::::*`
cisco	telepresence_system_software	6.0.0.1\(4\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:6.0.0.1\(4\):::::::*`
cisco	telepresence_system_software	6.0.1\(50\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:6.0.1\(50\):::::::*`
cisco	telepresence_system_software	6.0.2\(28\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:6.0.2\(28\):::::::*`
cisco	telepresence_system_software	6.0.3\(33\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:6.0.3\(33\):::::::*`
cisco	telepresence_system_software	6.0.4\(11\)	-	-	`cpe:2.3:a:cisco:telepresence_system_software:6.0.4\(11\):::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 x_refsource_CONFIRM
cve.org

访问

20140521 Cisco TelePresence System Directory Information Disclosure Vulnerability vendor-advisory
cve.org

访问

1030272 vdb-entry
cve.org

访问

CVSS评分详情

4.3

MEDIUM

CVSS向量: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS版本: 2.0

机密性

PARTIAL

完整性

NONE

可用性

NONE

时间信息

发布时间:

2014-05-23 22:00:00

修改时间:

2024-08-06 10:35:57

创建时间:

2025-11-11 15:33:47

更新时间:

2025-11-11 15:51:24

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2014-3274`	2025-11-11 15:18:45	2025-11-11 07:33:47
NVD	`nvd_CVE-2014-3274`	2025-11-11 14:54:33	2025-11-11 07:42:32
CNNVD	`cnnvd_CNNVD-201405-474`	2025-11-11 15:09:27	2025-11-11 07:51:24

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:51:24

vulnerability_type: 未提取 → 加密问题; cnnvd_id: 未提取 → CNNVD-201405-474; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 加密问题
cnnvd_id: 未提取 -> CNNVD-201405-474
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:42:32

cvss_score: 未提取 → 4.3; cvss_vector: NOT_EXTRACTED → AV:N/AC:M/Au:N/C:P/I:N/A:N; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 58; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

cvss_score: 未提取 -> 4.3
cvss_vector: NOT_EXTRACTED -> AV:N/AC:M/Au:N/C:P/I:N/A:N
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 58
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2014-3274 (CNNVD-201405-474)

中文标题:

Cisco TelePresence System 加密问题漏洞

英文标题:

Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS session...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史