VAR-200803-0287
Vulnerability from variot - Updated: 2023-12-18 12:32Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks. The following products are prone to this issue: - Vocera Communications System badges - Cisco Wireless IP Phone 7921 Other devices and packages may also be affected. ----------------------------------------------------------------------
A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched.
Download and test it today: https://psi.secunia.com/
Read more about this new version: https://psi.secunia.com/?page=changelog
TITLE: Cisco IP Phone 7921 Insecure PEAP Implementation
SECUNIA ADVISORY ID: SA29082
VERIFY ADVISORY: http://secunia.com/advisories/29082/
CRITICAL: Less critical
IMPACT: Exposure of sensitive information
WHERE:
From local network
OPERATING SYSTEM: Cisco IP Phone 7921 http://secunia.com/product/17833/
DESCRIPTION: A security issue has been reported in Cisco IP Phone 7921, which potentially can be exploited by malicious people to disclose sensitive information.
The problem is that server certificates are not validated when using the PEAP protocol. This can be exploited to e.g. gain knowledge of authentication credentials when a user is tricked into connecting to a malicious authentication server.
SOLUTION: The vendor is reportedly working on a update and recommends using EAP-TLS instead of PEAP.
PROVIDED AND/OR DISCOVERED BY: Unknown researchers reported via ZDNet's Zero Day blog.
OTHER REFERENCES: http://blogs.zdnet.com/security/?p=896 http://blogs.zdnet.com/security/?p=901
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200803-0287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "communications badge",
"scope": "eq",
"trust": 1.0,
"vendor": "vocera",
"version": "*"
},
{
"model": "communications badge",
"scope": null,
"trust": 0.8,
"vendor": "vocera",
"version": null
},
{
"model": "7921 wireless ip phone",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "communications vocera communications badge",
"scope": "eq",
"trust": 0.3,
"vendor": "vocera",
"version": "0"
},
{
"model": "wireless ip phone",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "79210"
}
],
"sources": [
{
"db": "BID",
"id": "27935"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:7921_wireless_ip_phone:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:vocera_communications:vocera_communications_badge:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1113"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "George Ou disclosed this issue.",
"sources": [
{
"db": "BID",
"id": "27935"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
],
"trust": 0.9
},
"cve": "CVE-2008-1113",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.8,
"confidentialityImpact": "Complete",
"exploitabilityScore": null,
"id": "CVE-2008-1113",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 7.8,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 10.0,
"id": "VHN-31238",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:C/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2008-1113",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-200803-006",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-31238",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31238"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates. \nSuccessfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks. \nThe following products are prone to this issue:\n- Vocera Communications System badges\n- Cisco Wireless IP Phone 7921\nOther devices and packages may also be affected. ----------------------------------------------------------------------\n\nA new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI\nhas been released. The new version includes many new and advanced\nfeatures, which makes it even easier to stay patched. \n\nDownload and test it today:\nhttps://psi.secunia.com/\n\nRead more about this new version:\nhttps://psi.secunia.com/?page=changelog\n\n----------------------------------------------------------------------\n\nTITLE:\nCisco IP Phone 7921 Insecure PEAP Implementation\n\nSECUNIA ADVISORY ID:\nSA29082\n\nVERIFY ADVISORY:\nhttp://secunia.com/advisories/29082/\n\nCRITICAL:\nLess critical\n\nIMPACT:\nExposure of sensitive information\n\nWHERE:\n\u003eFrom local network\n\nOPERATING SYSTEM:\nCisco IP Phone 7921\nhttp://secunia.com/product/17833/\n\nDESCRIPTION:\nA security issue has been reported in Cisco IP Phone 7921, which\npotentially can be exploited by malicious people to disclose\nsensitive information. \n\nThe problem is that server certificates are not validated when using\nthe PEAP protocol. This can be exploited to e.g. gain knowledge of\nauthentication credentials when a user is tricked into connecting to\na malicious authentication server. \n\nSOLUTION:\nThe vendor is reportedly working on a update and recommends using\nEAP-TLS instead of PEAP. \n\nPROVIDED AND/OR DISCOVERED BY:\nUnknown researchers reported via ZDNet\u0027s Zero Day blog. \n\nOTHER REFERENCES:\nhttp://blogs.zdnet.com/security/?p=896\nhttp://blogs.zdnet.com/security/?p=901\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "BID",
"id": "27935"
},
{
"db": "VULHUB",
"id": "VHN-31238"
},
{
"db": "PACKETSTORM",
"id": "64101"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2008-1113",
"trust": 2.8
},
{
"db": "BID",
"id": "27935",
"trust": 2.0
},
{
"db": "SECUNIA",
"id": "29082",
"trust": 1.8
},
{
"db": "SECTRACK",
"id": "1019494",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006",
"trust": 0.7
},
{
"db": "FULLDISC",
"id": "20080221 CISCO AND VOCERA WIRELESS LAN VOIP DEVICES DON\u0027T CHECK CERTIFICATES",
"trust": 0.6
},
{
"db": "FULLDISC",
"id": "20080223 CISCO CONFIRMS VULNERABILITY IN 7921 WI-FI IP PHONE",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-31238",
"trust": 0.1
},
{
"db": "PACKETSTORM",
"id": "64101",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31238"
},
{
"db": "BID",
"id": "27935"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "PACKETSTORM",
"id": "64101"
},
{
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"id": "VAR-200803-0287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-31238"
}
],
"trust": 0.47675563
},
"last_update_date": "2023-12-18T12:32:05.175000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.vocera.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-200",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31238"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "NVD",
"id": "CVE-2008-1113"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "http://blogs.zdnet.com/security/?p=896"
},
{
"trust": 2.1,
"url": "http://blogs.zdnet.com/security/?p=901"
},
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/27935"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2008/feb/0402.html"
},
{
"trust": 1.7,
"url": "http://seclists.org/fulldisclosure/2008/feb/0449.html"
},
{
"trust": 1.7,
"url": "http://securitytracker.com/id?1019494"
},
{
"trust": 1.7,
"url": "http://secunia.com/advisories/29082"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1113"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1113"
},
{
"trust": 0.3,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-february/060406.html"
},
{
"trust": 0.3,
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-february/060453.html"
},
{
"trust": 0.3,
"url": "http://vocera.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/secunia_security_advisories/"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/?page=changelog"
},
{
"trust": 0.1,
"url": "https://psi.secunia.com/"
},
{
"trust": 0.1,
"url": "http://secunia.com/advisories/29082/"
},
{
"trust": 0.1,
"url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org"
},
{
"trust": 0.1,
"url": "http://secunia.com/product/17833/"
},
{
"trust": 0.1,
"url": "http://secunia.com/about_secunia_advisories/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-31238"
},
{
"db": "BID",
"id": "27935"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "PACKETSTORM",
"id": "64101"
},
{
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-31238"
},
{
"db": "BID",
"id": "27935"
},
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"db": "PACKETSTORM",
"id": "64101"
},
{
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-03-03T00:00:00",
"db": "VULHUB",
"id": "VHN-31238"
},
{
"date": "2008-02-21T00:00:00",
"db": "BID",
"id": "27935"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"date": "2008-02-27T20:02:28",
"db": "PACKETSTORM",
"id": "64101"
},
{
"date": "2008-03-03T18:44:00",
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"date": "2008-03-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-31238"
},
{
"date": "2016-07-06T14:17:00",
"db": "BID",
"id": "27935"
},
{
"date": "2012-12-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2008-005533"
},
{
"date": "2008-09-05T21:36:50.757000",
"db": "NVD",
"id": "CVE-2008-1113"
},
{
"date": "2008-09-05T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified Wireless IP Phone 7921 Hashed password stealing vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2008-005533"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "information disclosure",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200803-006"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…