PT-2024-12438 · Splicecom · Splicecom Ipcs+1
Published
2024-01-25
·
Updated
2024-01-31
·
CVE-2023-33757
CVSS v3.1
5.9
Medium
| Vector | AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Splicecom iPCS (iOS App) versions 1.3.4 and earlier
Splicecom iPCS2 (iOS App) versions 2.8 and earlier
Splicecom iPCS (Android App) versions 1.8.5 and earlier
Description
A lack of SSL certificate validation allows attackers to eavesdrop on communications via a man-in-the-middle attack.
Recommendations
For Splicecom iPCS (iOS App) versions 1.3.4 and earlier, update to a version that includes SSL certificate validation.
For Splicecom iPCS2 (iOS App) versions 2.8 and earlier, update to a version that includes SSL certificate validation.
For Splicecom iPCS (Android App) versions 1.8.5 and earlier, update to a version that includes SSL certificate validation.
As a temporary workaround, consider restricting the use of the affected apps to minimize the risk of exploitation.
Exploit
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Splicecom Ipcs
Splicecom Ipcs2