Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-1114

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-1114
Last Modified 03 Jan 2013 12:00:00
Published 03 Mar 2008 01:44:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1114

Summary

Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Vulnerable Systems


References

CONFIRM - http://www.vocera.com/downloads/InfrastructureGuide.pdf

BID - 27935

FULLDISC - 20080221 Cisco and Vocera wireless LAN VoIP devices don't check certificates

MISC - http://blogs.zdnet.com/security/?p=901

MISC - http://blogs.zdnet.com/security/?p=896


Last Updated: 27 May 2016 11:01:32