Vulnerability Description
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | 7921 Wireless Ip Phone | All versions |
| Vocera Communications | Vocera Communications Badge | All versions |
Related Weaknesses (CWE)
References
- http://blogs.zdnet.com/security/?p=896
- http://blogs.zdnet.com/security/?p=901
- http://seclists.org/fulldisclosure/2008/Feb/0402.html
- http://seclists.org/fulldisclosure/2008/Feb/0449.html
- http://secunia.com/advisories/29082Vendor Advisory
- http://securitytracker.com/id?1019494
- http://www.securityfocus.com/bid/27935
- http://blogs.zdnet.com/security/?p=896
- http://blogs.zdnet.com/security/?p=901
- http://seclists.org/fulldisclosure/2008/Feb/0402.html
- http://seclists.org/fulldisclosure/2008/Feb/0449.html
- http://secunia.com/advisories/29082Vendor Advisory
- http://securitytracker.com/id?1019494
- http://www.securityfocus.com/bid/27935
FAQ
What is CVE-2008-1113?
CVE-2008-1113 is a vulnerability with a CVSS score of 7.8 (HIGH). Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed ...
How severe is CVE-2008-1113?
CVE-2008-1113 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1113?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco 7921 Wireless Ip Phone, Vocera Communications Vocera Communications Badge.