ID

VAR-201309-0124


CVE

CVE-2013-1228


TITLE

Cisco Jabber running on Windows vulnerable to server impersonation

Trust: 0.8

sources: JVNDB: JVNDB-2013-003979

DESCRIPTION

Cisco Jabber on Windows does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify the client-server data stream via a crafted certificate, aka Bug ID CSCug30280. Cisco Jabber for Windows is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks. This issue is tracked by Cisco Bug ID CSCug30280. The program provides online status display, instant messaging, voice and other functions.

Trust: 1.98

sources: NVD: CVE-2013-1228 // JVNDB: JVNDB-2013-003979 // BID: 62232 // VULHUB: VHN-61230

AFFECTED PRODUCTS

vendor: cisco, model: jabber, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: jabber, scope: lte, version: for windows 9.2.1

Trust: 0.8

sources: JVNDB: JVNDB-2013-003979 // CNNVD: CNNVD-201309-036 // NVD: CVE-2013-1228

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-1228
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-1228
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201309-036
value: MEDIUM

Trust: 0.6

VULHUB: VHN-61230
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-1228
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-61230
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-61230 // JVNDB: JVNDB-2013-003979 // CNNVD: CNNVD-201309-036 // NVD: CVE-2013-1228

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-61230 // JVNDB: JVNDB-2013-003979 // NVD: CVE-2013-1228

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201309-036

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201309-036

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-003979

PATCH

title: Cisco Jabber for Windows Certificate Validation Vulnerability, url: http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1228

Trust: 0.8

title: 30666, url: http://tools.cisco.com/security/center/viewAlert.x?alertId=30666

Trust: 0.8

sources: JVNDB: JVNDB-2013-003979

EXTERNAL IDS

db: NVD, id: CVE-2013-1228

Trust: 2.8

db: BID, id: 62232

Trust: 1.0

db: JVNDB, id: JVNDB-2013-003979

Trust: 0.8

db: CNNVD, id: CNNVD-201309-036

Trust: 0.7

db: CISCO, id: 20130905 CISCO JABBER FOR WINDOWS CERTIFICATE VALIDATION VULNERABILITY

Trust: 0.6

db: VULHUB, id: VHN-61230

Trust: 0.1

sources: VULHUB: VHN-61230 // BID: 62232 // JVNDB: JVNDB-2013-003979 // CNNVD: CNNVD-201309-036 // NVD: CVE-2013-1228

REFERENCES

url: http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2013-1228

Trust: 2.0

url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-1228

Trust: 0.8

url: http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-1228

Trust: 0.8

url: http://www.securityfocus.com/bid/62232

Trust: 0.6

url: http://www.cisco.com/

Trust: 0.3

url: http://tools.cisco.com/security/center/viewalert.x?alertid=30666

Trust: 0.3

sources: VULHUB: VHN-61230 // BID: 62232 // JVNDB: JVNDB-2013-003979 // CNNVD: CNNVD-201309-036 // NVD: CVE-2013-1228

CREDITS

Cisco

Trust: 0.9

sources: BID: 62232 // CNNVD: CNNVD-201309-036

SOURCES

db: VULHUB, id: VHN-61230
db: BID, id: 62232
db: JVNDB, id: JVNDB-2013-003979
db: CNNVD, id: CNNVD-201309-036
db: NVD, id: CVE-2013-1228

LAST UPDATE DATE

2024-08-14T13:58:11.643000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-61230, date: 2014-03-05T00:00:00
db: BID, id: 62232, date: 2013-09-05T00:00:00
db: JVNDB, id: JVNDB-2013-003979, date: 2015-08-10T00:00:00
db: CNNVD, id: CNNVD-201309-036, date: 2013-09-09T00:00:00
db: NVD, id: CVE-2013-1228, date: 2014-03-05T19:00:33.040

SOURCES RELEASE DATE

db: VULHUB, id: VHN-61230, date: 2013-09-06T00:00:00
db: BID, id: 62232, date: 2013-09-05T00:00:00
db: JVNDB, id: JVNDB-2013-003979, date: 2013-09-09T00:00:00
db: CNNVD, id: CNNVD-201309-036, date: 2013-09-06T00:00:00
db: NVD, id: CVE-2013-1228, date: 2013-09-06T11:15:37.223