Guest

Preview Tool

Cisco Bug: CSCut36844 - Mobile Application Vulnerable to Man in the Middle Attack

Last Modified

Feb 02, 2017

Products (1)

  • Cisco Conference Director Series

Known Affected Releases

2015-07-04

Description (partial)

Symptom:
A vulnerability in the Cisco Spark's mobile application could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack
against the affected device.

The vulnerability is due to improper validation of the SSL certificate used to manage the device. An attacker could exploit this vulnerability to
view sensitive information.

Conditions:
Device configured with default configuration.



This defect has since been fixed. ALL VERSIONS AFTER 1.10.1773 FOR ANDROID ARE SECURE.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.