Cisco TelePresence Video Communication Server Information Disclosure Vulnerabilities
21 Mar. 2016
Summary
Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same encryption key across different customers' installations, which makes it easier for local users to defeat cryptographic protection mechanisms by leveraging knowledge of a key from another installation.
Credit:
The information has been provided by Cisco.
Vulnerable Systems:
*Cisco TelePresence Video Communication Server (VCS) Expressway X8.6
Immune Systems:
*Cisco TelePresence Video Communication Server (VCS) after Expressway X8.6
Cisco TelePresence Video Communication Server is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information. This may aid in further attacks.