Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1113

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2008-1113
Last Modified 05 Sep 2008 05:36:50
Published 03 Mar 2008 01:44:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-1113

Summary

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Vulnerable Systems

Application

  • Vocera Communications Badge


References

BID - 27935

SECTRACK - 1019494

SECUNIA - 29082

FULLDISC - 20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone

FULLDISC - 20080221 Cisco and Vocera wireless LAN VoIP devices don't check certificates

MISC - http://blogs.zdnet.com/security/?p=901

MISC - http://blogs.zdnet.com/security/?p=896


Last Updated: 27 May 2016 10:47:02