CVE-2015-6409

CWE-200Information Exposure4 documents4 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 50.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Jabber
Timeline
PublishedDec 26
Latest updateMay 17

Description

Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

NVDcisco/jabber10.6\(2\)

🔴Vulnerability Details

2
GHSA
GHSA-w4rj-fr95-86j5: Cisco Jabber 102022-05-17
CVEList
CVE-2015-6409: Cisco Jabber 102015-12-26

📋Vendor Advisories

1
Cisco
Cisco Jabber STARTTLS Downgrade Vulnerability2015-12-24
CVE-2015-6409 (MEDIUM CVSS 5.9) | Cisco Jabber 10.6.x | cvebase.io