Cisco: CISCO-SA-20130905-CVE-2013-1228
History: Sep 05, 2013 - 4:00 p.m.

Cisco Jabber for Windows Certificate Validation Vulnerability

2013-09-05 16:00:38
tools.cisco.com

CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.001
Percentile: 20.6%

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position.

The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer (SSL). An attacker could exploit this vulnerability by intercepting and altering the connection.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit the vulnerability, the attacker may need access to trusted, internal networks to convince a targeted user to accept a crafted certificate. This access requirement could reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vendor: cisco
Product: jabber
Version: any
Platform: windows
CPE: cpe:2.3:a:cisco:jabber:any:*:*:*:*:windows:*:*
