Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-1948

Опубликовано: 21 авг. 2019
Источник: nvd
CVSS3: 5.9
CVSS2: 4.3
EPSS Низкий

Описание

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:iphone_os:*:*
Версия от 11.3 (включая) до 39.5 (включая)

EPSS

Процентиль: 30%
0.00111
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295
CWE-295

Связанные уязвимости

github логотип

GHSA-mmgm-r8g2-8xwq

CVSS3: 5.9
github
больше 3 лет назад

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software.

fstec логотип

BDU:2019-03154

CVSS3: 5.9
fstec
больше 6 лет назад

Уязвимость программного обеспечения для веб-конференцсвязи Cisco Webex Meetings Mobile, вызванная ошибками при проверке SSL-сертификата, позволяющая нарушителю реализовать атаку типа «человек посередине»

EPSS

Процентиль: 30%
0.00111
Низкий

5.9 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-295
CWE-295