CVE-2008-1114

EUVD-2008-1123
Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 44%
Affected Products (NVD)
VendorProductVersion
vocerawireless_handset
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://blogs.zdnet.com/security/?p=896
http://blogs.zdnet.com/security/?p=901
http://seclists.org/fulldisclosure/2008/Feb/0402.html
http://www.securityfocus.com/bid/27935
http://www.vocera.com/downloads/InfrastructureGuide.pdf
http://blogs.zdnet.com/security/?p=896
http://blogs.zdnet.com/security/?p=901
http://seclists.org/fulldisclosure/2008/Feb/0402.html
http://www.securityfocus.com/bid/27935
http://www.vocera.com/downloads/InfrastructureGuide.pdf