CVE-2020-3155Improper Certificate Validation in Cisco Jabber IM FOR Android

CWE-295Improper Certificate Validation4 documents4 sources
Severity
7.4HIGHNVD
EPSS
0.3%
top 51.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Jabber IM FOR Android
Timeline
PublishedMar 4
Latest updateMay 24

Description

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. A

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages1 packages

CVEListV5cisco/cisco_jabber_im_for_androidunspecifiedn/a

🔴Vulnerability Details

2
GHSA
GHSA-qv54-r855-f5j8: A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter2022-05-24
CVEList
Cisco Intelligent Proximity SSL Certificate Validation Vulnerability2020-03-04

📋Vendor Advisories

1
Cisco
Cisco Intelligent Proximity SSL Certificate Validation Vulnerability2020-03-04
CVE-2020-3155 — Improper Certificate Validation | cvebase