Cisco Bug: CSCut36844 - Mobile Application Vulnerable to Man in the Middle Attack
Feb 02, 2017
- Cisco Conference Director Series
Known Affected Releases
Symptom: A vulnerability in the Cisco Spark's mobile application could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack against the affected device. The vulnerability is due to improper validation of the SSL certificate used to manage the device. An attacker could exploit this vulnerability to view sensitive information. Conditions: Device configured with default configuration. This defect has since been fixed. ALL VERSIONS AFTER 1.10.1773 FOR ANDROID ARE SECURE.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases