Cisco Bug: CSCvs81456 - Cisco Proximity app attempts to pair to random unknown IP addresses
Apr 06, 2020
- Cisco TC Console
Known Affected Releases
Symptom: A vulnerability in the ultrasonic decoder of Cisco Intelligent Proximity could allow an unauthenticated, physical attacker to attempt to pair proximity enabled devices with unknown IP addresses. The vulnerability is due to an excessively lenient ultrasonic decoder. An attacker could exploit this vulnerability by generating crafted ultrasonic signals within the vicinity of a proximity enabled device. An exploit could allow an attacker, within physical range of the proximity enabled device, to attempt an HTTPS session with an IP address unknown to the victim machine. Conditions: Device with default configuration.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases