SB2020030507 - Improper Certificate Validation in Cisco Intelligent Proximity
Published: March 5, 2020
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Certificate Validation (CVE-ID: CVE-2020-3155)
The vulnerability allows a remote attacker to perform a man-in-the-middle (MiTM) attack.
The vulnerability exists in the SSL implementation of the Cisco Intelligent Proximity solution due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. A remote attacker can supply a specially crafted SSL certificate, perform a man-in-the-middle attack and view presentation content shared on it, modify any content being presented by the victim or have access to call controls.
This vulnerability affects Cisco products if they are running a vulnerable software release, have the Proximity feature enabled and are used to connect to on-premises devices.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.