CVE-2012-6399Improper Input Validation in Cisco Webex

CWE-20Improper Input Validation3 documents3 sources
Severity
5.8MEDIUMNVD
EPSS
0.1%
top 66.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Webex
Timeline
PublishedMay 27
Latest updateMay 17

Description

Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate, aka Bug ID CSCud94176.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

NVDcisco/webex4.1

🔴Vulnerability Details

2
GHSA
GHSA-h5x3-v9f7-g9fh: Cisco WebEx 42022-05-17
CVEList
CVE-2012-6399: Cisco WebEx 42013-05-27
CVE-2012-6399 — Improper Input Validation in Cisco | cvebase