CVE-2008-1113

EUVD-2008-1122
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
Affected Products (NVD)
VendorProductVersion
vocera_communicationsvocera_communications_badge
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.zdnet.com/security/?p=896
http://blogs.zdnet.com/security/?p=901
http://seclists.org/fulldisclosure/2008/Feb/0402.html
http://seclists.org/fulldisclosure/2008/Feb/0449.html
http://secunia.com/advisories/29082
http://securitytracker.com/id?1019494
http://www.securityfocus.com/bid/27935
http://blogs.zdnet.com/security/?p=896
http://blogs.zdnet.com/security/?p=901
http://seclists.org/fulldisclosure/2008/Feb/0402.html
http://seclists.org/fulldisclosure/2008/Feb/0449.html
http://secunia.com/advisories/29082
http://securitytracker.com/id?1019494
http://www.securityfocus.com/bid/27935