Search

Find a vulnerability

Search criteria

    2 vulnerabilities by vocera_communications

    CVE-2008-1113 (GCVE-0-2008-1113)

    Vulnerability from nvd – Published: 2008-03-03 18:00 – Updated: 2024-09-16 17:29
    VLAI
    Summary
    Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blogs.zdnet.com/security/?p=896 x_refsource_MISC
    http://seclists.org/fulldisclosure/2008/Feb/0449.html mailing-listx_refsource_FULLDISC
    http://securitytracker.com/id?1019494 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2008/Feb/0402.html mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/27935 vdb-entryx_refsource_BID
    http://blogs.zdnet.com/security/?p=901 x_refsource_MISC
    http://secunia.com/advisories/29082 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.zdnet.com/security/?p=896"
              },
              {
                "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
              },
              {
                "name": "1019494",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019494"
              },
              {
                "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
              },
              {
                "name": "27935",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27935"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.zdnet.com/security/?p=901"
              },
              {
                "name": "29082",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29082"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-03T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.zdnet.com/security/?p=896"
            },
            {
              "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
            },
            {
              "name": "1019494",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019494"
            },
            {
              "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
            },
            {
              "name": "27935",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27935"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.zdnet.com/security/?p=901"
            },
            {
              "name": "29082",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29082"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blogs.zdnet.com/security/?p=896",
                  "refsource": "MISC",
                  "url": "http://blogs.zdnet.com/security/?p=896"
                },
                {
                  "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
                },
                {
                  "name": "1019494",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019494"
                },
                {
                  "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
                },
                {
                  "name": "27935",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27935"
                },
                {
                  "name": "http://blogs.zdnet.com/security/?p=901",
                  "refsource": "MISC",
                  "url": "http://blogs.zdnet.com/security/?p=901"
                },
                {
                  "name": "29082",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29082"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1113",
        "datePublished": "2008-03-03T18:00:00.000Z",
        "dateReserved": "2008-03-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:29:07.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-1113 (GCVE-0-2008-1113)

    Vulnerability from cvelistv5 – Published: 2008-03-03 18:00 – Updated: 2024-09-16 17:29
    VLAI
    Summary
    Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://blogs.zdnet.com/security/?p=896 x_refsource_MISC
    http://seclists.org/fulldisclosure/2008/Feb/0449.html mailing-listx_refsource_FULLDISC
    http://securitytracker.com/id?1019494 vdb-entryx_refsource_SECTRACK
    http://seclists.org/fulldisclosure/2008/Feb/0402.html mailing-listx_refsource_FULLDISC
    http://www.securityfocus.com/bid/27935 vdb-entryx_refsource_BID
    http://blogs.zdnet.com/security/?p=901 x_refsource_MISC
    http://secunia.com/advisories/29082 third-party-advisoryx_refsource_SECUNIA
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T08:08:57.551Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.zdnet.com/security/?p=896"
              },
              {
                "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
              },
              {
                "name": "1019494",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1019494"
              },
              {
                "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
              },
              {
                "name": "27935",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/27935"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://blogs.zdnet.com/security/?p=901"
              },
              {
                "name": "29082",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/29082"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-03-03T18:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.zdnet.com/security/?p=896"
            },
            {
              "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
            },
            {
              "name": "1019494",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1019494"
            },
            {
              "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
            },
            {
              "name": "27935",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/27935"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://blogs.zdnet.com/security/?p=901"
            },
            {
              "name": "29082",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/29082"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-1113",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://blogs.zdnet.com/security/?p=896",
                  "refsource": "MISC",
                  "url": "http://blogs.zdnet.com/security/?p=896"
                },
                {
                  "name": "20080223 Cisco confirms vulnerability in 7921 Wi-Fi IP phone",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2008/Feb/0449.html"
                },
                {
                  "name": "1019494",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1019494"
                },
                {
                  "name": "20080221 Cisco and Vocera wireless LAN VoIP devices don\u0027t check certificates",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2008/Feb/0402.html"
                },
                {
                  "name": "27935",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/27935"
                },
                {
                  "name": "http://blogs.zdnet.com/security/?p=901",
                  "refsource": "MISC",
                  "url": "http://blogs.zdnet.com/security/?p=901"
                },
                {
                  "name": "29082",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/29082"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-1113",
        "datePublished": "2008-03-03T18:00:00.000Z",
        "dateReserved": "2008-03-03T00:00:00.000Z",
        "dateUpdated": "2024-09-16T17:29:07.443Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }