Sign-up

ID

VAR-200803-0287


CVE

CVE-2008-1113


TITLE

Cisco Unified Wireless IP Phone 7921 Hashed password stealing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-005533

DESCRIPTION

Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks. Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks. The following products are prone to this issue: - Vocera Communications System badges - Cisco Wireless IP Phone 7921 Other devices and packages may also be affected. ---------------------------------------------------------------------- A new version (0.9.0.0 - Release Candidate 1) of the free Secunia PSI has been released. The new version includes many new and advanced features, which makes it even easier to stay patched. Download and test it today: https://psi.secunia.com/ Read more about this new version: https://psi.secunia.com/?page=changelog ---------------------------------------------------------------------- TITLE: Cisco IP Phone 7921 Insecure PEAP Implementation SECUNIA ADVISORY ID: SA29082 VERIFY ADVISORY: http://secunia.com/advisories/29082/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: >From local network OPERATING SYSTEM: Cisco IP Phone 7921 http://secunia.com/product/17833/ DESCRIPTION: A security issue has been reported in Cisco IP Phone 7921, which potentially can be exploited by malicious people to disclose sensitive information. The problem is that server certificates are not validated when using the PEAP protocol. This can be exploited to e.g. gain knowledge of authentication credentials when a user is tricked into connecting to a malicious authentication server. SOLUTION: The vendor is reportedly working on a update and recommends using EAP-TLS instead of PEAP. PROVIDED AND/OR DISCOVERED BY: Unknown researchers reported via ZDNet's Zero Day blog. OTHER REFERENCES: http://blogs.zdnet.com/security/?p=896 http://blogs.zdnet.com/security/?p=901 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.07

sources: NVD: CVE-2008-1113 // JVNDB: JVNDB-2008-005533 // BID: 27935 // VULHUB: VHN-31238 // PACKETSTORM: 64101

AFFECTED PRODUCTS

vendor:voceramodel:communications badgescope:eqversion:*

Trust: 1.0

vendor:voceramodel:communications badgescope: - version: -

Trust: 0.8

vendor:ciscomodel:7921 wireless ip phonescope: - version: -

Trust: 0.6

vendor:voceramodel:communications vocera communications badgescope:eqversion:0

Trust: 0.3

vendor:ciscomodel:wireless ip phonescope:eqversion:79210

Trust: 0.3

sources: BID: 27935 // JVNDB: JVNDB-2008-005533 // CNNVD: CNNVD-200803-006 // NVD: CVE-2008-1113

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-1113
value: HIGH

Trust: 1.0

NVD: CVE-2008-1113
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200803-006
value: HIGH

Trust: 0.6

VULHUB: VHN-31238
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2008-1113
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-31238
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-31238 // JVNDB: JVNDB-2008-005533 // CNNVD: CNNVD-200803-006 // NVD: CVE-2008-1113

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-31238 // JVNDB: JVNDB-2008-005533 // NVD: CVE-2008-1113

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200803-006

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200803-006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2008-005533

PATCH
title:Top Pageurl:http://www.vocera.com/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2008-005533

EXTERNAL IDS
db:NVDid:CVE-2008-1113
Trust: 2.8
db:BIDid:27935
Trust: 2.0
db:SECUNIAid:29082
Trust: 1.8
db:SECTRACKid:1019494
Trust: 1.7
db:JVNDBid:JVNDB-2008-005533
Trust: 0.8
db:CNNVDid:CNNVD-200803-006
Trust: 0.7
db:FULLDISCid:20080221 CISCO AND VOCERA WIRELESS LAN VOIP DEVICES DON'T CHECK CERTIFICATES
Trust: 0.6
db:FULLDISCid:20080223 CISCO CONFIRMS VULNERABILITY IN 7921 WI-FI IP PHONE
Trust: 0.6
db:VULHUBid:VHN-31238
Trust: 0.1
db:PACKETSTORMid:64101
Trust: 0.1
sources:
            
            
            VULHUB: VHN-31238 // 
            
            
            
            BID: 27935 // 
            
            
            
            JVNDB: JVNDB-2008-005533 // 
            
            
            
            PACKETSTORM: 64101 // 
            
            
            
            CNNVD: CNNVD-200803-006 // 
            
            
            
            NVD: CVE-2008-1113

REFERENCES
url:http://blogs.zdnet.com/security/?p=896
Trust: 2.1
url:http://blogs.zdnet.com/security/?p=901
Trust: 2.1
url:http://www.securityfocus.com/bid/27935
Trust: 1.7
url:http://seclists.org/fulldisclosure/2008/feb/0402.html
Trust: 1.7
url:http://seclists.org/fulldisclosure/2008/feb/0449.html
Trust: 1.7
url:http://securitytracker.com/id?1019494
Trust: 1.7
url:http://secunia.com/advisories/29082
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-1113
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-1113
Trust: 0.8
url:http://lists.grok.org.uk/pipermail/full-disclosure/2008-february/060406.html
Trust: 0.3
url:http://lists.grok.org.uk/pipermail/full-disclosure/2008-february/060453.html
Trust: 0.3
url:http://vocera.com/
Trust: 0.3
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:https://psi.secunia.com/?page=changelog
Trust: 0.1
url:https://psi.secunia.com/
Trust: 0.1
url:http://secunia.com/advisories/29082/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/product/17833/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-31238 // 
            
            
            
            BID: 27935 // 
            
            
            
            JVNDB: JVNDB-2008-005533 // 
            
            
            
            PACKETSTORM: 64101 // 
            
            
            
            CNNVD: CNNVD-200803-006 // 
            
            
            
            NVD: CVE-2008-1113

CREDITS
George Ou disclosed this issue.
Trust: 0.9
sources:
            
            
            BID: 27935 // 
            
            
            
            CNNVD: CNNVD-200803-006

SOURCES
db:VULHUBid:VHN-31238
db:BIDid:27935
db:JVNDBid:JVNDB-2008-005533
db:PACKETSTORMid:64101
db:CNNVDid:CNNVD-200803-006
db:NVDid:CVE-2008-1113

LAST UPDATE DATE
2025-04-10T23:22:24.195000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-31238date:2008-09-05T00:00:00
db:BIDid:27935date:2016-07-06T14:17:00
db:JVNDBid:JVNDB-2008-005533date:2012-12-20T00:00:00
db:CNNVDid:CNNVD-200803-006date:2008-09-05T00:00:00
db:NVDid:CVE-2008-1113date:2025-04-09T00:30:58.490

SOURCES RELEASE DATE
db:VULHUBid:VHN-31238date:2008-03-03T00:00:00
db:BIDid:27935date:2008-02-21T00:00:00
db:JVNDBid:JVNDB-2008-005533date:2012-12-20T00:00:00
db:PACKETSTORMid:64101date:2008-02-27T20:02:28
db:CNNVDid:CNNVD-200803-006date:2008-03-03T00:00:00
db:NVDid:CVE-2008-1113date:2008-03-03T18:44:00