Cisco Bug: CSCte90332 - KVM client does not validate certificates used for encryption opening it
Nov 12, 2015
- Cisco Unified Computing System
Known Affected Releases
Symptom: Cisco Unified Computing Systems utilize a software based KVM. It has been discovered that the KVM client that runs on endpoint hosts does not proper validate that the certificate that is presented by a target device is valid. This could allow an attacker to perform a man-in-the-middle attack. Conditions: Devices running an affected version of Cisco Unified Computing System software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases