CVE-2012-6399

Name of the Vulnerable Software and Affected Versions Cisco WebEx version 4.1 on iOS

Description The issue allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate because it does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate.

Recommendations For Cisco WebEx version 4.1 on iOS, consider updating to a newer version that includes a fix for this issue, as the current version does not properly verify SSL certificates, allowing for potential man-in-the-middle attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.