Unrated severityNVD Advisory· Published Nov 14, 2014· Updated Jun 17, 2026
CVE-2014-7991
CVE-2014-7991
Description
The Remote Mobile Access Subsystem in Cisco Unified Communications Manager (CM) 10.0(1) and earlier does not properly validate the Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof VCS core devices via a crafted certificate issued by a legitimate Certification Authority, aka Bug ID CSCuq86376.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*range: <=10.0\(1\)
- cpe:2.3:a:cisco:unified_communications_manager:10.0:*:*:*:*:*:*:*
- (no CPE)range: <=10.0(1)
Patches
Vulnerability mechanics
References
6- tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-7991nvdVendor Advisory
- tools.cisco.com/security/center/viewAlert.xnvdVendor Advisory
- secunia.com/advisories/62267nvd
- www.securityfocus.com/bid/71013nvd
- www.securitytracker.com/id/1031181nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/98574nvd
News mentions
0No linked articles in our index yet.