ID

VAR-202003-1183


CVE

CVE-2020-3155


TITLE

Certificate validation vulnerability in the Cisco Intelligent Proximity solution

Trust: 0.8

sources: JVNDB: JVNDB-2020-002426

DESCRIPTION

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man-in-the-middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud-registered collaboration endpoints.

The Cisco Intelligent Proximity solution contains a certificate validation vulnerability. Information may be obtained and tampered with.

Cisco Intelligent Proximity is an innovative feature set that enables a richer collaboration experience from your mobile device. Cisco Webex Teams and others are products of Cisco. Cisco Webex Teams is a team collaboration application. The program includes video conferencing, group messaging and file sharing capabilities. Cisco Webex Meetings is a set of video conferencing solutions. Cisco Jabber is a unified communications client solution. The program provides online status display, instant messaging, voice and other functions. The following products and versions are affected: Cisco Intelligent Proximity application; Cisco Jabber; Cisco Webex Meetings; Cisco Webex Teams; Cisco Meeting App.

Trust: 2.25

sources: NVD: CVE-2020-3155 // JVNDB: JVNDB-2020-002426 // CNVD: CNVD-2020-15703 // VULHUB: VHN-181280

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2020-15703

AFFECTED PRODUCTS

vendor: cisco, model: jabber, scope: -, version: -

Trust: 1.4

vendor: cisco, model: webex teams, scope: -, version: -

Trust: 1.4

vendor: cisco, model: webex meetings, scope: -, version: -

Trust: 1.4

vendor: cisco, model: meeting, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: telepresence codec c60, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: webex meetings, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: intelligence proximity, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: webex teams, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: telepresence codec c40, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: telepresence codec c90, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: jabber, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: intelligent proximity, scope: -, version: -

Trust: 0.8

vendor: cisco, model: meeting, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence codec c40, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence codec c60, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence codec c90, scope: -, version: -

Trust: 0.8

vendor: cisco, model: meeting app, scope: -, version: -

Trust: 0.6

vendor: cisco, model: intelligent proximity application, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2020-15703 // JVNDB: JVNDB-2020-002426 // NVD: CVE-2020-3155

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3155
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3155
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-002426
value: HIGH

Trust: 0.8

CNVD: CNVD-2020-15703
value: HIGH

Trust: 0.6

CNNVD: CNNVD-202003-185
value: HIGH

Trust: 0.6

VULHUB: VHN-181280
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2020-3155
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-002426
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2020-15703
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:H/AU:N/C:C/I:C/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 9.2
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-181280
severity: MEDIUM
baseScore: 5.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3155
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3155
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 5.2
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-002426
baseSeverity: HIGH
baseScore: 7.4
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2020-15703 // VULHUB: VHN-181280 // JVNDB: JVNDB-2020-002426 // CNNVD: CNNVD-202003-185 // NVD: CVE-2020-3155 // NVD: CVE-2020-3155

PROBLEMTYPE DATA

problemtype:CWE-295

Trust: 1.9

sources: VULHUB: VHN-181280 // JVNDB: JVNDB-2020-002426 // NVD: CVE-2020-3155

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202003-185

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-202003-185

CONFIGURATIONS

sources: JVNDB: JVNDB-2020-002426

PATCH

title: cisco-sa-proximity-ssl-cert-gBBu3RB
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-proximity-ssl-cert-gBBu3RB

Trust: 0.8

title: Patch for Cisco Intelligent Proximity SSL Certificate Verification Vulnerability
url: https://www.cnvd.org.cn/patchInfo/show/207389

Trust: 0.6

title: Cisco Intelligent Proximity solution Repair measures for trust management problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=111607

Trust: 0.6

sources: CNVD: CNVD-2020-15703 // JVNDB: JVNDB-2020-002426 // CNNVD: CNNVD-202003-185

EXTERNAL IDS

db: NVD, id: CVE-2020-3155

Trust: 3.1

db: JVNDB, id: JVNDB-2020-002426

Trust: 0.8

db: CNNVD, id: CNNVD-202003-185

Trust: 0.7

db: CNVD, id: CNVD-2020-15703

Trust: 0.6

db: AUSCERT, id: ESB-2020.0804

Trust: 0.6

db: VULHUB, id: VHN-181280

Trust: 0.1

sources: CNVD: CNVD-2020-15703 // VULHUB: VHN-181280 // JVNDB: JVNDB-2020-002426 // CNNVD: CNNVD-202003-185 // NVD: CVE-2020-3155

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-proximity-ssl-cert-gbbu3rb

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2020-3155

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3155

Trust: 0.8

url:http://202.108.211.175

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2020.0804/

Trust: 0.6

sources: CNVD: CNVD-2020-15703 // VULHUB: VHN-181280 // JVNDB: JVNDB-2020-002426 // CNNVD: CNNVD-202003-185 // NVD: CVE-2020-3155

SOURCES

db: CNVD, id: CNVD-2020-15703
db: VULHUB, id: VHN-181280
db: JVNDB, id: JVNDB-2020-002426
db: CNNVD, id: CNNVD-202003-185
db: NVD, id: CVE-2020-3155

LAST UPDATE DATE

2024-11-23T23:08:04.336000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2020-15703, date: 2020-03-06T00:00:00
db: VULHUB, id: VHN-181280, date: 2020-03-05T00:00:00
db: JVNDB, id: JVNDB-2020-002426, date: 2020-03-16T00:00:00
db: CNNVD, id: CNNVD-202003-185, date: 2021-07-16T00:00:00
db: NVD, id: CVE-2020-3155, date: 2024-11-21T05:30:26.457

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2020-15703, date: 2020-03-06T00:00:00
db: VULHUB, id: VHN-181280, date: 2020-03-04T00:00:00
db: JVNDB, id: JVNDB-2020-002426, date: 2020-03-16T00:00:00
db: CNNVD, id: CNNVD-202003-185, date: 2020-03-04T00:00:00
db: NVD, id: CVE-2020-3155, date: 2020-03-04T19:15:12.697