Improper Certificate Validation in Cisco Intelligent Proximity

Published: 2020-03-05
Risk Medium
Patch available NO
Number of vulnerabilities 1
CVE-ID CVE-2020-3155
Exploitation vector Network
Public exploit N/A
Vulnerable software
Cisco Jabber
Client/Desktop applications / Messaging software

Cisco Webex Teams
Client/Desktop applications / Office applications

Cisco Meeting App
Client/Desktop applications / Office applications

Cisco Webex Meetings
Server applications / Conferencing, Collaboration and VoIP solutions

Cisco Intelligent Proximity application
Mobile applications / Apps for mobile phones

Vendor Cisco Systems, Inc

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Certificate Validation

EUVDB-ID: #VU25782

Risk: Medium


CVE-ID: CVE-2020-3155

CWE-ID: CWE-295 - Improper Certificate Validation

Exploit availability: No


The vulnerability allows a remote attacker to perform a man-in-the-middle (MiTM) attack.

The vulnerability exists in the SSL implementation of the Cisco Intelligent Proximity solution due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. A remote attacker can supply a specially crafted SSL certificate, perform a man-in-the-middle attack and view presentation content shared on it, modify any content being presented by the victim or have access to call controls.

This vulnerability affects Cisco products if they are running a vulnerable software release, have the Proximity feature enabled and are used to connect to on-premises devices.


Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

Cisco Jabber: All versions

Cisco Webex Teams: All versions

Cisco Meeting App: All versions

Cisco Webex Meetings: All versions

Cisco Intelligent Proximity application: All versions

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?