| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| NETGEAR Multiple Routers curl_post Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of multiple NETGEAR routers. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the update functionality, which operates over HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19981. |
| A vulnerability in the meeting-join functionality of Cisco Webex Meetings could have allowed an unauthenticated, network-proximate attacker to complete a meeting-join process in place of an intended targeted user, provided the requisite conditions were satisfied. Cisco has addressed this vulnerability in the Cisco Webex Meetings service, and no customer action is needed.
This vulnerability existed due to client certificate validation issues. Prior to this vulnerability being addressed, an attacker could have exploited this vulnerability by monitoring local wireless or adjacent networks for client-join requests and attempting to interrupt and complete the meeting-join flow as another user who was currently joining a meeting. To successfully exploit the vulnerability, an attacker would need the capability to position themselves in a local wireless or adjacent network, to monitor and intercept the targeted network traffic flows, and to satisfy timing requirements in order to interrupt the meeting-join flow and exploit the vulnerability. A successful exploit could have allowed the attacker to join the meeting as another user. However, the Cisco Product Security Incident Response Team (PSIRT) is not aware of any malicious use of the vulnerability that is described in this advisory. |
| Improper certificate validation in Zoom Workplace for Linux before version 6.4.13 may allow an unauthorized user to conduct an information disclosure via network access. |
| A vulnerability in certificate validation processing of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an unauthenticated, remote attacker to gain access to sensitive information.
This vulnerability is due to improper validation of certificates that are used by the Smart Licensing feature. An attacker with a privileged network position could exploit this vulnerability by intercepting traffic that is sent over the Internet. A successful exploit could allow the attacker to gain access to sensitive information, including credentials used by the device to connect to Cisco cloud services. |
| Dell ECS version 3.8.1.4 and prior contain an Improper Certificate Validation vulnerability. An unauthenticated attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. |
| A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.
Note: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. |
| When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate. |
| libcurl skips the certificate verification for a QUIC connection under certain conditions, when built to use wolfSSL. If told to use an unknown/bad cipher or curve, the error path accidentally skips the verification and returns OK, thus ignoring any certificate problems. |
| libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing. |
| In Yealink RPS before 2025-05-26, the certificate upload function does not properly validate certificate content, potentially allowing invalid certificates to be uploaded. |
| An improper certificate validation vulnerability [CWE-295] in FortiNAC-F version 7.2.4 and below may allow a remote and unauthenticated attacker to perform a Man-in-the-Middle attack on the HTTPS communication channel between the FortiOS device, an inventory, and FortiNAC-F. |
| AnĀ improper certificate validation vulnerability [CWE-295] in FortiPortal version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, version 6.0.15 and below when connecting to a FortiManager device, a FortiAnalyzer device, or an SMTP server may allow an unauthenticated attacker in a Man-in-the-Middle position to intercept on and tamper with the encrypted communication channel established between the FortiPortal and those endpoints. |
| A vulnerability in the Cisco Identity Services Engine (ISE) integration feature of the Cisco DNA Center Software could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data. The vulnerability is due to an incomplete validation of the X.509 certificate used when establishing a connection between DNA Center and an ISE server. An attacker could exploit this vulnerability by supplying a crafted certificate and could then intercept communications between the ISE and DNA Center. A successful exploit could allow the attacker to view and alter sensitive information that the ISE maintains about clients that are connected to the network. |
| AnĀ Improper Certificate Validation vulnerability [CWE-295] in FortiOS version 7.6.1 and below, version 7.4.7 and below may allow an EAP verified remote user to connect from FortiClient via revoked certificate. |
| A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information.
This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. |
| A certificate verification error in wolfSSL when building with the WOLFSSL_SYS_CA_CERTS and WOLFSSL_APPLE_NATIVE_CERT_VALIDATION options results in the wolfSSL
client failing to properly verify the server certificate's domain name,
allowing any certificate issued by a trusted CA to be accepted regardless of the hostname. |
| A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. |
| A bug in PSL validation logic in Apache HttpClient 5.4.x disables domain checks, affecting cookie management and host name verification. Discovered by the Apache HttpClient team. Fixed in the 5.4.3 release |
| The communication protocol used between client
and server had a flaw that could be leveraged to execute a man in the middle attack. |
| Serverpod is an app and web server, built for the Flutter and Dart ecosystem. This bug bypassed the validation of TSL certificates on all none web HTTP clients in the `serverpod_client` package. Making them susceptible to a man in the middle attack against encrypted traffic between the client device and the server. An attacker would need to be able to intercept the traffic and highjack the connection to the server for this vulnerability to be used. Upgrading to version `1.2.6` resolves this issue.
|
