You are here

V-165: Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server

May 28, 2013 - 12:46am

Addthis

PROBLEM:

Cisco WebEx for iOS Certificate Validation Flaw Lets Remote Users Spoof the Server

PLATFORM:

Cisco WebEx for iOS 4.1, Other versions may also be affected.

ABSTRACT:

A vulnerability was reported in Cisco WebEx for iOS.

REFERENCE LINKS:

Cisco
SecurityTracker Alert ID:  1028592
Secunia Advisory SA51412
CVE-2012-6399  

IMPACT ASSESSMENT:

Medium

DISCUSSION:

A security issue in Cisco WebEx for iOS can be exploited by malicious people to conduct spoofing attacks.

The security issue is caused due to the application not properly verifying the server SSL certificate. This can be exploited to e.g. spoof the server via a MitM (Man-in-the-Middle) attack and e.g. disclose potentially sensitive information.

IMPACT:

A remote user can spoof the server.

SOLUTION:

No official solution is currently available.

Addthis