Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Jabber for Windows Certificate Validation Vulnerability

Cisco-SA-20130905-CVE-2013-1228 · Medium · Published · Updated

A vulnerability in Cisco Jabber for Windows could allow an unauthenticated, remote attacker to gain a man-in-the-middle position. The vulnerability is due to a failure to validate server certificates when negotiating a connection over Secure Sockets Layer (SSL). An attacker could exploit this vulnerability by intercepting and altering the connection. Cisco has confirmed the vulnerability in a security notice and released software updates. To exploit the vulnerability, the attacker may need access trusted, internal networks to convince a targeted user to accept a crafted certificate. This access requirement could reduce the likelihood of a successful exploit. Cisco indicates through the CVSS score that proof-of-concept exploit code exists; however, the code is not known to be publicly available.

Cisco advisory · CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators may consider using IP-based access control lists (ACLs) to allow only trusted systems to access the affected systems.

Administrators are advised to monitor affected systems.

CVEsCVE-2013-1228
Cisco Bug IDsCSCug30280
CVSS ScoreBase 4.3
Base 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C
Product Names From Source
Cisco Jabber for Windows

Related Products

Product CVE Evidence
Cisco Jabber for Windows CVE-2013-1228 Cisco OpenVuln
Cisco Jabber CVE-2013-1228 Cisco OpenVuln