CVE-2019-1948Improper Certificate Validation in Cisco Webex Meetings FOR IOS

CWE-295Improper Certificate Validation4 documents4 sources
Severity
5.9MEDIUMNVD
EPSS
0.1%
top 71.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Webex Meetings FOR IOSCisco Webex Meetings
Timeline
PublishedAug 21
Latest updateMay 24

Description

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to d

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages2 packages

NVDcisco/webex_meetings11.339.5
CVEListV5cisco/cisco_webex_meetings_for_iosunspecified39.5

🔴Vulnerability Details

2
GHSA
GHSA-mmgm-r8g2-8xwq: A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive dat2022-05-24
CVEList
Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability2019-08-21

📋Vendor Advisories

1
Cisco
Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability2019-08-21
CVE-2019-1948 — Improper Certificate Validation | cvebase