CVE-2008-1113

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://blogs.zdnet.com/security/?p=896
http://blogs.zdnet.com/security/?p=901
http://seclists.org/fulldisclosure/2008/Feb/0402.html
http://seclists.org/fulldisclosure/2008/Feb/0449.html
http://secunia.com/advisories/29082	Vendor Advisory
http://securitytracker.com/id?1019494
http://www.securityfocus.com/bid/27935

Configurations

Configuration 1 (hide)

AND

cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*

cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2008-03-03 18:44

Updated : 2024-02-04 17:13

NVD link : CVE-2008-1113

Mitre link : CVE-2008-1113

CVE.ORG link : CVE-2008-1113

JSON object : View

Products Affected

vocera_communications

vocera_communications_badge

cisco

7921_wireless_ip_phone

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2008-1113", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-03-03T18:44:00.000", "references": [{"url": "http://blogs.zdnet.com/security/?p=896", "source": "cve@mitre.org"}, {"url": "http://blogs.zdnet.com/security/?p=901", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html", "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/29082", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1019494", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/27935", "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."}, {"lang": "es", "value": "Cisco Unified Wireless IP Phone 7921, cuando utiliza Protected Extensible Authentication Protocol (PEAP), no valida certificados de servidor, lo cual permite a los puntos de acceso inal\u00e1mbricos remotos robar el resumen digital (hash) de contase\u00f1as y dirigir ataques man-in-the-middle (MITM)."}], "lastModified": "2008-09-05T21:36:50.757", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BB60B368-94E0-4A32-86B2-46BA076ADF3E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A5DD0E9-3ECC-443C-9EA3-077D0CFF5358"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}