{"containers": {"cna": {"affected": [{"product": "Cisco Jabber IM for Android", "vendor": "Cisco", "versions": [{"lessThan": "n/a", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2020-03-04T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-295", "description": "CWE-295", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-03-04T18:40:32", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"}], "source": {"advisory": "cisco-sa-proximity-ssl-cert-gBBu3RB", "defect": [["CSCvr90871"]], "discovery": "INTERNAL"}, "title": "Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2020-03-04T16:00:00-0800", "ID": "CVE-2020-3155", "STATE": "PUBLIC", "TITLE": "Cisco Intelligent Proximity SSL Certificate Validation Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Jabber IM for Android", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "n/a"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "7.4", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-295"}]}]}, "references": {"reference_data": [{"name": "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"}]}, "source": {"advisory": "cisco-sa-proximity-ssl-cert-gBBu3RB", "defect": [["CSCvr90871"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:24:00.623Z"}, "title": "CVE Program Container", "references": [{"name": "20200304 Cisco Intelligent Proximity SSL Certificate Validation Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2020-3155", "datePublished": "2020-03-04T18:40:32.322145Z", "dateReserved": "2019-12-12T00:00:00", "dateUpdated": "2024-09-16T19:20:30.993Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:intelligence_proximity:*:*:*:*:*:*:*:*", "matchCriteriaId": "A97A1FAC-E2A3-4EC1-9868-9FAD1A97E16A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:jabber:*:*:*:*:*:*:*:*", "matchCriteriaId": "4313200E-9FAF-457D-9DBE-E15623A3C62A", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:meeting:*:*:*:*:*:*:*:*", "matchCriteriaId": "A87CDF74-180B-48BC-907C-85F6C52FFE90", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_meetings:*:*:*:*:*:*:*:*", "matchCriteriaId": "0274B4FE-AB78-412C-A837-DB9C9E7F51A1", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:webex_teams:*:*:*:*:*:*:*:*", "matchCriteriaId": "3D78AB0F-AD39-46DE-AE43-D9DABE24DF8C", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c40:-:*:*:*:*:*:*:*", "matchCriteriaId": "B87CEA3A-2CF3-48DF-935F-31553CAC1ED8", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:telepresence_codec_c40_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "1AF8E71F-0EDA-473A-A673-E29CAC50C256", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c60:-:*:*:*:*:*:*:*", "matchCriteriaId": "0754B77C-E888-461E-AA1E-74B78DA59B78", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:telepresence_codec_c60_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "7549095E-BC00-449F-98AD-2FDF61506AB0", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:telepresence_codec_c90:-:*:*:*:*:*:*:*", "matchCriteriaId": "0BFF6AA3-4850-40A3-8211-82F60F14ACD3", "vulnerable": false}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:telepresence_codec_c90_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "53020625-037E-46A9-B970-C30802BDC111", "vulnerable": true}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints."}, {"lang": "es", "value": "Una vulnerabilidad en la implementaci\u00f3n SSL de la soluci\u00f3n Cisco Intelligent Proximity, podr\u00eda permitir a un atacante remoto no autenticado visualizar o modificar la informaci\u00f3n compartida en los dispositivos de video Cisco Webex y los endpoints de colaboraci\u00f3n de Cisco si los productos cumplen con las condiciones descritas en la secci\u00f3n de Productos Vulnerables. La vulnerabilidad es debido a la falta de comprobaci\u00f3n del certificado del servidor SSL recibido cuando se establece una conexi\u00f3n a un dispositivo de video Cisco Webex o un endpoint de colaboraci\u00f3n de Cisco. Un atacante podr\u00eda explotar esta vulnerabilidad al usar t\u00e9cnicas de tipo man in the middle (MITM) para interceptar el tr\u00e1fico entre el cliente afectado y un endpoint, y luego utilizar un certificado falsificado para suplantar el endpoint. Dependiendo de la configuraci\u00f3n del endpoint, una explotaci\u00f3n podr\u00eda permitir al atacante visualizar el contenido de presentaci\u00f3n compartido en \u00e9l, modificar cualquier contenido presentado por la v\u00edctima o tener acceso a los controles de llamadas. Esta vulnerabilidad no afecta a los endpoints de colaboraci\u00f3n registrados en la nube."}], "id": "CVE-2020-3155", "lastModified": "2020-03-05T17:08:49.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-04T19:15:12.697", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-295"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-295"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}