Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-8779

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2014-8779
Last Modified 03 Feb 2015 10:35:18
Published 03 Feb 2015 11:59:01
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-8779

Summary

Pexip Infinity before 8 uses the same SSH host keys across different customers' installations, which allows man-in-the-middle attackers to spoof Management and Conferencing Nodes by leveraging these keys.

Vulnerable Systems

Application

  • Pexip Infinity 7.0


References

BID - 72359

BUGTRAQ - 20150129 CVE-2014-8779: SSH Host keys on Pexip Infinity

CONFIRM - http://www.pexip.com/sites/pexip/files/Pexip_Security_Bulletin_2015-01-02.pdf

MISC - http://packetstormsecurity.com/files/130174/Pexip-Infinity-Non-Unique-SSH-Host-Keys.html


Last Updated: 27 May 2016 11:07:40