cisco-sa-proximity-ssl-cert-gBBu3RB: Cisco Intelligent Proximity SSL Certificate Validation Vulnerability
First published: Wed Mar 04 2020(Updated: )
A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB
Credit: Adam Shore.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Proximity | ||
| Cisco Webex Platform | ||
| Cisco Collaboration Endpoints |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of cisco-sa-proximity-ssl-cert-gBBu3RB?
The severity of cisco-sa-proximity-ssl-cert-gBBu3RB is classified as high due to the potential for unauthorized access to sensitive information.
How do I fix cisco-sa-proximity-ssl-cert-gBBu3RB?
To fix cisco-sa-proximity-ssl-cert-gBBu3RB, you should apply the latest patches and updates provided by Cisco for the affected products.
What products are affected by cisco-sa-proximity-ssl-cert-gBBu3RB?
The affected products include Cisco Intelligent Proximity, Cisco Webex, and Cisco Collaboration Endpoints.
What type of attack is possible with cisco-sa-proximity-ssl-cert-gBBu3RB?
An unauthenticated, remote attacker may exploit the vulnerability to view or alter information shared on the affected Cisco devices.
Are there any workarounds for cisco-sa-proximity-ssl-cert-gBBu3RB?
Currently, there are no known workarounds to mitigate the cisco-sa-proximity-ssl-cert-gBBu3RB vulnerability, and upgrading is recommended.
- agent/type
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- collector/cisco-advisory
- source/Cisco
- agent/references
- agent/severity
- agent/weakness
- agent/description
- agent/title
- agent/author
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco proximity
- canonical/cisco webex platform
- canonical/cisco collaboration endpoints