CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |

EPSS percentile: 31.1%

Cisco IP Communicator contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks on a targeted system.
The vulnerability is due to insufficient validation of signing certificates in the Certificate Trust List that have been accepted by end users. An unauthenticated, remote attacker could exploit this vulnerability by impersonating trusted servers through crafted certificates. If successful, the attacker could launch further attacks on the system.
Cisco has confirmed this vulnerability and released software updates.
Successful exploitation of this vulnerability requires that Cisco IP Communicator be restarted. An attacker may use misleading language or instructions to convince a user to restart the device, or may use other means or attacks in an attempt to restart the device.
The CVSS score indicates that functional exploit code exists; however, the code is not known to be publicly available.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | ip_communicator | any | cpe:2.3:a:cisco:ip_communicator:any:*:*:*:*:*:*:* |