PT-2015-7234 · Cisco · Cisco Jabber

Published

2015-12-26

Updated

2016-12-07

CVE-2015-6409

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco Jabber versions 10.6.x through 11.1.x

Description The issue allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks, triggering cleartext XMPP sessions.

Recommendations For versions 10.6.x through 11.1.x, consider disabling the STARTTLS functionality as a temporary workaround until a patch is available. Restrict access to the XMPP sessions to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2015-6409

Affected Products

Cisco Jabber

PT-2015-7234 · Cisco · Cisco Jabber

CVE-2015-6409

Weakness Enumeration

Related Identifiers

Affected Products

References · 5