Vulnslist

find the latest Cisco vulnerabilities

Cisco Webex Meetings Mobile (iOS) SSL Certificate Validation Vulnerability

cisco-sa-20190821-webex-ssl-cert · Medium · Published · Updated

A vulnerability in Cisco Webex Meetings Mobile (iOS) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data by using an invalid Secure Sockets Layer (SSL) certificate. The vulnerability is due to insufficient SSL certificate validation by the affected software. An attacker could exploit this vulnerability by supplying a crafted SSL certificate to an affected device. A successful exploit could allow the attacker to conduct man-in-the-middle attacks to decrypt confidential information on user connections to the affected software. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-webex-ssl-cert

Cisco advisory ·CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2019-1948
Cisco Bug IDsCSCvq26812
CVSS ScoreBase 5.9
Base 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:X/RL:X/RC:X
Product Names From Source
Cisco WebEx Meetings for iOS

CSAF Product Statuses

Product Status Source CVE Rows
Cisco WebEx Meetings for iOS known_affected cisco_csaf CVE-2019-1948 1

Related Products

Product CVE Evidence
Cisco Webex Meetings CVE-2019-1948 Cisco OpenVuln
Cisco WebEx Meetings for iOS CVE-2019-1948 Cisco OpenVuln