Cisco Bug: CSCus66448 - Man-In-The-Middle attack in Train Key Management

Last Modified

Feb 16, 2017

Products (1)

  • Cisco WebEx Meetings

Known Affected Releases

T29.12

Description (partial)

Symptoms:
A vulnerability in SSL certificate verification between the components of the Cisco WebEx Train Release could allow an authenticated, remote attacker to conduct a man-in-the-middle (MITM) attack.

The vulnerability is due to a lack of SSL certificate verification between WebEx and a third-party key management system. An attacker could exploit this vulnerability by initiating independent connections with the victim servers and relaying messages between them, making them believe they are talking to each other over a private connection when in fact the entire conversation is controlled by the attacker. An exploit could allow the attacker to eavesdrop on and intercept all messages between the servers, including sensitive information such as secret encryption keys.

Conditions:
Device running an affected version of software with the default configuration.