#VU25782 Improper Certificate Validation in Cisco Systems, Inc Mobile applications
Vulnerability identifier: #VU25782
Vulnerability risk: Medium
CVSSv3.1: 6.8 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:U/RC:C]
CVE-ID:
CWE-ID:
CWE-295
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
Cisco Jabber
Client/Desktop applications /
Messaging software
Cisco Webex Teams
Client/Desktop applications /
Office applications
Cisco Meeting App
Client/Desktop applications /
Office applications
Cisco Webex Meetings
Server applications /
Conferencing, Collaboration and VoIP solutions
Cisco Intelligent Proximity application
Mobile applications /
Apps for mobile phones
Vendor: Cisco Systems, Inc
Description
The vulnerability allows a remote attacker to perform a man-in-the-middle (MiTM) attack.
The vulnerability exists in the SSL implementation of the Cisco Intelligent Proximity solution due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. A remote attacker can supply a specially crafted SSL certificate, perform a man-in-the-middle attack and view presentation content shared on it, modify any content being presented by the victim or have access to call controls.
This vulnerability affects Cisco products if they are running a vulnerable software release, have the Proximity feature enabled and are used to connect to on-premises devices.
Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versions
Cisco Jabber: All versions
Cisco Webex Teams: All versions
Cisco Meeting App: All versions
Cisco Webex Meetings: All versions
Cisco Intelligent Proximity application: All versions
External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
