CVE-2020-3155

Name of the Vulnerable Software and Affected Versions Cisco Intelligent Proximity solution (affected versions not specified) Cisco Webex video devices (affected versions not specified) Cisco collaboration endpoints (affected versions not specified)

Description A vulnerability in the SSL implementation could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.