Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-3155

Опубликовано: 04 мар. 2020
Источник: nvd
CVSS3: 7.4
CVSS3: 7.4
CVSS2: 5.8
EPSS Низкий

Описание

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:intelligence_proximity:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:jabber:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:meeting:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*
cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*
Конфигурация 2

Одновременно

cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*
Конфигурация 4

Одновременно

cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*
cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%
0.0025
Низкий

7.4 High

CVSS3

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295
CWE-295

Связанные уязвимости

github логотип

GHSA-qv54-r855-f5j8

github
больше 3 лет назад

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaborati...

fstec логотип

BDU:2020-00980

CVSS3: 7.4
fstec
почти 6 лет назад

Уязвимость реализации SSL протокола в наборе функций Cisco Intelligent Proximity программного обеспечения для веб-конференцсвязи Cisco Webex Meetings, Cisco Webex Teams, Cisco Meeting App и Cisco Jabber, позволяющая нарушителю получить доступ к конфиденциальным данным и нарушить их целостность

EPSS

Процентиль: 48%
0.0025
Низкий

7.4 High

CVSS3

7.4 High

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-295
CWE-295