Lucene search

MitreCVE-2008-1113

HistoryMar 03, 2008 - 6:44 p.m.

CVE-2008-1113

2008-03-0318:44:00

CWE-200

mitre

web.nvd.nist.gov

cisco

7921

vulnerability

mitm

peap

nvd

cve-2008-1113

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Affected configurations

Nvd

Node

cisco7921_wireless_ip_phone

AND

vocera_communicationsvocera_communications_badge

VendorProductVersionCPE
cisco7921_wireless_ip_phone*cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*
vocera_communicationsvocera_communications_badge*cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	7921_wireless_ip_phone	*	cpe:2.3:h:cisco:7921_wireless_ip_phone::::::::
vocera_communications	vocera_communications_badge	*	cpe:2.3:a:vocera_communications:vocera_communications_badge::::::::

References

blogs.zdnet.com/security/?p=896

blogs.zdnet.com/security/?p=901

seclists.org/fulldisclosure/2008/Feb/0402.html

seclists.org/fulldisclosure/2008/Feb/0449.html

secunia.com/advisories/29082

securitytracker.com/id?1019494

www.securityfocus.com/bid/27935

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.7

Confidence

High

EPSS

0.005

Percentile

77.0%

JSON

Related for CVE-2008-1113