Vulnerability-Lookup

CVE-2008-1113 (GCVE-0-2008-1113)

Vulnerability from cvelistv5 – Published: 2008-03-03 18:00 – Updated: 2024-09-16 17:29

Summary

Severity

No CVSS data available.

CWE

Assigner

mitre

References

7 references

URL	Tags
http://blogs.zdnet.com/security/?p=896	x_refsource_MISC
http://seclists.org/fulldisclosure/2008/Feb/0449.html	mailing-listx_refsource_FULLDISC
http://securitytracker.com/id?1019494	vdb-entryx_refsource_SECTRACK
http://seclists.org/fulldisclosure/2008/Feb/0402.html	mailing-listx_refsource_FULLDISC
http://www.securityfocus.com/bid/27935	vdb-entryx_refsource_BID
http://blogs.zdnet.com/security/?p=901	x_refsource_MISC
http://secunia.com/advisories/29082	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:08:57.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.zdnet.com/security/?p=896"
          },
          {
            "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
          },
          {
            "name": "1019494",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1019494"
          },
          {
            "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
          },
          {
            "name": "27935",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/27935"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.zdnet.com/security/?p=901"
          },
          {
            "name": "29082",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/29082"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-03-03T18:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.zdnet.com/security/?p=896"
        },
        {
          "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
        },
        {
          "name": "1019494",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1019494"
        },
        {
          "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
        },
        {
          "name": "27935",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/27935"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.zdnet.com/security/?p=901"
        },
        {
          "name": "29082",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/29082"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://blogs.zdnet.com/security/?p=896",
              "refsource": "MISC",
              "url": "http://blogs.zdnet.com/security/?p=896"
            },
            {
              "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
            },
            {
              "name": "1019494",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1019494"
            },
            {
              "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
            },
            {
              "name": "27935",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/27935"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=901",
              "refsource": "MISC",
              "url": "http://blogs.zdnet.com/security/?p=901"
            },
            {
              "name": "29082",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/29082"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1113",
    "datePublished": "2008-03-03T18:00:00.000Z",
    "dateReserved": "2008-03-03T00:00:00.000Z",
    "dateUpdated": "2024-09-16T17:29:07.443Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-1113",
      "date": "2026-06-25",
      "epss": "0.00887",
      "percentile": "0.54654"
    },
    "fkie_nvd": {
      "configurations": "[{\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB60B368-94E0-4A32-86B2-46BA076ADF3E\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A5DD0E9-3ECC-443C-9EA3-077D0CFF5358\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.\"}, {\"lang\": \"es\", \"value\": \"Cisco Unified Wireless IP Phone 7921, cuando utiliza Protected Extensible Authentication Protocol (PEAP), no valida certificados de servidor, lo cual permite a los puntos de acceso inal\\u00e1mbricos remotos robar el resumen digital (hash) de contase\\u00f1as y dirigir ataques man-in-the-middle (MITM).\"}]",
      "id": "CVE-2008-1113",
      "lastModified": "2024-11-21T00:43:42.427",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:N/A:N\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2008-03-03T18:44:00.000",
      "references": "[{\"url\": \"http://blogs.zdnet.com/security/?p=896\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=901\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/Feb/0402.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/Feb/0449.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/29082\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1019494\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/27935\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=896\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://blogs.zdnet.com/security/?p=901\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/Feb/0402.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/fulldisclosure/2008/Feb/0449.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/29082\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://securitytracker.com/id?1019494\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/27935\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-1113\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2008-03-03T18:44:00.000\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.\"},{\"lang\":\"es\",\"value\":\"Cisco Unified Wireless IP Phone 7921, cuando utiliza Protected Extensible Authentication Protocol (PEAP), no valida certificados de servidor, lo cual permite a los puntos de acceso inal\u00e1mbricos remotos robar el resumen digital (hash) de contase\u00f1as y dirigir ataques man-in-the-middle (MITM).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:N/A:N\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB60B368-94E0-4A32-86B2-46BA076ADF3E\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A5DD0E9-3ECC-443C-9EA3-077D0CFF5358\"}]}]}],\"references\":[{\"url\":\"http://blogs.zdnet.com/security/?p=896\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.zdnet.com/security/?p=901\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/Feb/0402.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/Feb/0449.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/29082\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019494\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/27935\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://blogs.zdnet.com/security/?p=896\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blogs.zdnet.com/security/?p=901\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/Feb/0402.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/fulldisclosure/2008/Feb/0449.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/29082\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1019494\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/27935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

FKIE_CVE-2008-1113

Vulnerability from fkie_nvd - Published: 2008-03-03 18:44 - Updated: 2026-06-16 22:51

Severity

Summary

References

URL	Tags
cve@mitre.org	http://blogs.zdnet.com/security/?p=896
cve@mitre.org	http://blogs.zdnet.com/security/?p=901
cve@mitre.org	http://seclists.org/fulldisclosure/2008/Feb/0402.html
cve@mitre.org	http://seclists.org/fulldisclosure/2008/Feb/0449.html
cve@mitre.org	http://secunia.com/advisories/29082	Vendor Advisory
cve@mitre.org	http://securitytracker.com/id?1019494
cve@mitre.org	http://www.securityfocus.com/bid/27935
af854a3a-2127-422b-91ae-364da2661108	http://blogs.zdnet.com/security/?p=896
af854a3a-2127-422b-91ae-364da2661108	http://blogs.zdnet.com/security/?p=901
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2008/Feb/0402.html
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2008/Feb/0449.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/29082	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://securitytracker.com/id?1019494
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/27935

Impacted products

	Vendor	Product	Version
	cisco	7921_wireless_ip_phone	*
	vocera_communications	vocera_communications_badge	*

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "source": "cve@mitre.org"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB60B368-94E0-4A32-86B2-46BA076ADF3E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A5DD0E9-3ECC-443C-9EA3-077D0CFF5358",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
    },
    {
      "lang": "es",
      "value": "Cisco Unified Wireless IP Phone 7921, cuando utiliza Protected Extensible Authentication Protocol (PEAP), no valida certificados de servidor, lo cual permite a los puntos de acceso inal\u00e1mbricos remotos robar el resumen digital (hash) de contase\u00f1as y dirigir ataques man-in-the-middle (MITM)."
    }
  ],
  "id": "CVE-2008-1113",
  "lastModified": "2026-06-16T22:51:01.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.8,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-03-03T18:44:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.zdnet.com/security/?p=896"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://blogs.zdnet.com/security/?p=901"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29082"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://securitytracker.com/id?1019494"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/27935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.zdnet.com/security/?p=896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://blogs.zdnet.com/security/?p=901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/29082"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securitytracker.com/id?1019494"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/27935"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MX3G-C2PM-2GMW

Vulnerability from github – Published: 2022-05-01 23:36 – Updated: 2022-05-01 23:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1113"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-200"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-03-03T18:44:00Z",
    "severity": "HIGH"
  },
  "details": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.",
  "id": "GHSA-mx3g-c2pm-2gmw",
  "modified": "2022-05-01T23:36:47Z",
  "published": "2022-05-01T23:36:47Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1113"
    },
    {
      "type": "WEB",
      "url": "http://blogs.zdnet.com/security/?p=896"
    },
    {
      "type": "WEB",
      "url": "http://blogs.zdnet.com/security/?p=901"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/29082"
    },
    {
      "type": "WEB",
      "url": "http://securitytracker.com/id?1019494"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/27935"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-1113

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2008-1113

Aliases

CVE-2008-1113

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1113",
    "description": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.",
    "id": "GSD-2008-1113"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1113"
      ],
      "details": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.",
      "id": "GSD-2008-1113",
      "modified": "2023-12-13T01:23:03.614512Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1113",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://blogs.zdnet.com/security/?p=896",
            "refsource": "MISC",
            "url": "http://blogs.zdnet.com/security/?p=896"
          },
          {
            "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
          },
          {
            "name": "1019494",
            "refsource": "SECTRACK",
            "url": "http://securitytracker.com/id?1019494"
          },
          {
            "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
          },
          {
            "name": "27935",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/27935"
          },
          {
            "name": "http://blogs.zdnet.com/security/?p=901",
            "refsource": "MISC",
            "url": "http://blogs.zdnet.com/security/?p=901"
          },
          {
            "name": "29082",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/29082"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1113"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-200"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
            },
            {
              "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
              "refsource": "FULLDISC",
              "tags": [],
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=896",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.zdnet.com/security/?p=896"
            },
            {
              "name": "http://blogs.zdnet.com/security/?p=901",
              "refsource": "MISC",
              "tags": [],
              "url": "http://blogs.zdnet.com/security/?p=901"
            },
            {
              "name": "27935",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/27935"
            },
            {
              "name": "1019494",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://securitytracker.com/id?1019494"
            },
            {
              "name": "29082",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/29082"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2008-09-05T21:36Z",
      "publishedDate": "2008-03-03T18:44Z"
    }
  }
}

VAR-200803-0287

Vulnerability from variot - Updated: 2023-12-18 12:32

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks. The following products are prone to this issue: - Vocera Communications System badges - Cisco Wireless IP Phone 7921 Other devices and packages may also be affected. ----------------------------------------------------------------------

A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.

Download and test it today: https://psi.secunia.com/

Read more about this new version: https://psi.secunia.com/?page=changelog

TITLE: Cisco IP Phone 7921 Insecure PEAP Implementation

SECUNIA ADVISORY ID: SA29082

VERIFY ADVISORY: http://secunia.com/advisories/29082/

CRITICAL: Less critical

IMPACT: Exposure of sensitive information

WHERE:

From local network

OPERATING SYSTEM: Cisco IP Phone 7921 http://secunia.com/product/17833/

DESCRIPTION: A security issue has been reported in Cisco IP Phone 7921, which potentially can be exploited by malicious people to disclose sensitive information.

The problem is that server certificates are not validated when using the PEAP protocol. This can be exploited to e.g. gain knowledge of authentication credentials when a user is tricked into connecting to a malicious authentication server.

SOLUTION: The vendor is reportedly working on a update and recommends using EAP-TLS instead of PEAP.

PROVIDED AND/OR DISCOVERED BY: Unknown researchers reported via ZDNet's Zero Day blog.

OTHER REFERENCES: http://blogs.zdnet.com/security/?p=896 http://blogs.zdnet.com/security/?p=901

About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.

Subscribe: http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/

Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.

Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200803-0287",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "communications badge",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "vocera",
        "version": "*"
      },
      {
        "model": "communications badge",
        "scope": null,
        "trust": 0.8,
        "vendor": "vocera",
        "version": null
      },
      {
        "model": "7921 wireless ip phone",
        "scope": null,
        "trust": 0.6,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "communications vocera communications badge",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "vocera",
        "version": "0"
      },
      {
        "model": "wireless ip phone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "79210"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "27935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "George Ou disclosed this issue.",
    "sources": [
      {
        "db": "BID",
        "id": "27935"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2008-1113",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 7.8,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2008-1113",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 7.8,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "id": "VHN-31238",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2008-1113",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200803-006",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-31238",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks. \nThe following products are prone to this issue:\n- Vocera Communications System badges\n- Cisco Wireless IP Phone 7921\nOther devices and packages may also be affected. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco IP Phone 7921 Insecure PEAP Implementation\n\nSECUNIA ADVISORY ID:\nSA29082\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29082/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco IP Phone 7921\nhttp://secunia.com/product/17833/\n\nDESCRIPTION:\nA security issue has been reported in Cisco IP Phone 7921, which\npotentially can be exploited by malicious people to disclose\nsensitive information. \n\nThe problem is that server certificates are not validated when using\nthe PEAP protocol. This can be exploited to e.g.  gain knowledge of\nauthentication credentials when a user is tricked into connecting to\na malicious authentication server. \n\nSOLUTION:\nThe vendor is reportedly working on a update and recommends using\nEAP-TLS instead of PEAP. \n\nPROVIDED AND/OR DISCOVERED BY:\nUnknown researchers reported via ZDNet\u0027s Zero Day blog. \n\nOTHER REFERENCES:\nhttp://blogs.zdnet.com/security/?p=896\nhttp://blogs.zdnet.com/security/?p=901\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "BID",
        "id": "27935"
      },
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "db": "PACKETSTORM",
        "id": "64101"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2008-1113",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "27935",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "29082",
        "trust": 1.8
      },
      {
        "db": "SECTRACK",
        "id": "1019494",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006",
        "trust": 0.7
      },
      {
        "db": "FULLDISC",
        "id": "20080221 CISCO AND VOCERA WIRELESS LAN VOIP DEVICES DON\u0027T CHECK CERTIFICATES",
        "trust": 0.6
      },
      {
        "db": "FULLDISC",
        "id": "20080223 CISCO CONFIRMS VULNERABILITY IN 7921 WI-FI IP PHONE",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-31238",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "64101",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "db": "BID",
        "id": "27935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "PACKETSTORM",
        "id": "64101"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "id": "VAR-200803-0287",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      }
    ],
    "trust": 0.47675563
  },
  "last_update_date": "2023-12-18T12:32:05.175000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Top Page",
        "trust": 0.8,
        "url": "http://www.vocera.com/"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-200",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.1,
        "url": "http://blogs.zdnet.com/security/?p=896"
      },
      {
        "trust": 2.1,
        "url": "http://blogs.zdnet.com/security/?p=901"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/27935"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2008/feb/0402.html"
      },
      {
        "trust": 1.7,
        "url": "http://seclists.org/fulldisclosure/2008/feb/0449.html"
      },
      {
        "trust": 1.7,
        "url": "http://securitytracker.com/id?1019494"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/29082"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1113"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1113"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-february/060406.html"
      },
      {
        "trust": 0.3,
        "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-february/060453.html"
      },
      {
        "trust": 0.3,
        "url": "http://vocera.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/secunia_security_advisories/"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/?page=changelog"
      },
      {
        "trust": 0.1,
        "url": "https://psi.secunia.com/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/advisories/29082/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/product/17833/"
      },
      {
        "trust": 0.1,
        "url": "http://secunia.com/about_secunia_advisories/"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "db": "BID",
        "id": "27935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "PACKETSTORM",
        "id": "64101"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "db": "BID",
        "id": "27935"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "db": "PACKETSTORM",
        "id": "64101"
      },
      {
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-03-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "date": "2008-02-21T00:00:00",
        "db": "BID",
        "id": "27935"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "date": "2008-02-27T20:02:28",
        "db": "PACKETSTORM",
        "id": "64101"
      },
      {
        "date": "2008-03-03T18:44:00",
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "date": "2008-03-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2008-09-05T00:00:00",
        "db": "VULHUB",
        "id": "VHN-31238"
      },
      {
        "date": "2016-07-06T14:17:00",
        "db": "BID",
        "id": "27935"
      },
      {
        "date": "2012-12-20T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      },
      {
        "date": "2008-09-05T21:36:50.757000",
        "db": "NVD",
        "id": "CVE-2008-1113"
      },
      {
        "date": "2008-09-05T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified Wireless IP Phone 7921 Hashed password stealing vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2008-005533"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "information disclosure",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200803-006"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1113 (GCVE-0-2008-1113)

FKIE_CVE-2008-1113

GHSA-MX3G-C2PM-2GMW

GSD-2008-1113

VAR-200803-0287

Tags

Sightings

Nomenclature