Sign-up

ID

VAR-201208-0140


CVE

CVE-2012-2490


TITLE

Cisco IP Communicator Vulnerabilities in changing certificate trust lists

Trust: 0.8

sources: JVNDB: JVNDB-2012-003464

DESCRIPTION

Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify the Certificate Trust List via unspecified vectors, aka Bug ID CSCtz01471. Cisco IP Communicator is prone to a security-bypass vulnerability. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which may aid in further attacks. IP Communicator 8.6 is vulnerable

Trust: 1.98

sources: NVD: CVE-2012-2490 // JVNDB: JVNDB-2012-003464 // BID: 54850 // VULHUB: VHN-55771

AFFECTED PRODUCTS

vendor:ciscomodel:ip communicatorscope:eqversion:8.6

Trust: 2.4

sources: JVNDB: JVNDB-2012-003464 // CNNVD: CNNVD-201208-032 // NVD: CVE-2012-2490

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2490
value: MEDIUM

Trust: 1.0

NVD: CVE-2012-2490
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201208-032
value: MEDIUM

Trust: 0.6

VULHUB: VHN-55771
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2012-2490
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-55771
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55771 // JVNDB: JVNDB-2012-003464 // CNNVD: CNNVD-201208-032 // NVD: CVE-2012-2490

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-55771 // JVNDB: JVNDB-2012-003464 // NVD: CVE-2012-2490

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-032

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201208-032

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003464

PATCH
title:Release Notes for Cisco IP Communicator Release 8.6url:http://www.cisco.com/en/US/docs/voice_ip_comm/cipc/8_5/english/release_notes/CIPC8x_RN.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003464

EXTERNAL IDS
db:NVDid:CVE-2012-2490
Trust: 2.8
db:JVNDBid:JVNDB-2012-003464
Trust: 0.8
db:CNNVDid:CNNVD-201208-032
Trust: 0.7
db:NSFOCUSid:20257
Trust: 0.6
db:BIDid:54850
Trust: 0.4
db:VULHUBid:VHN-55771
Trust: 0.1
sources:
            
            
            VULHUB: VHN-55771 // 
            
            
            
            BID: 54850 // 
            
            
            
            JVNDB: JVNDB-2012-003464 // 
            
            
            
            CNNVD: CNNVD-201208-032 // 
            
            
            
            NVD: CVE-2012-2490

REFERENCES
url:http://www.cisco.com/en/us/docs/voice_ip_comm/cipc/8_5/english/release_notes/cipc8x_rn.html
Trust: 1.7
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2490
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2490
Trust: 0.8
url:http://www.nsfocus.net/vulndb/20257
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-55771 // 
            
            
            
            BID: 54850 // 
            
            
            
            JVNDB: JVNDB-2012-003464 // 
            
            
            
            CNNVD: CNNVD-201208-032 // 
            
            
            
            NVD: CVE-2012-2490

CREDITS
Vendor reported the issue.
Trust: 0.3
sources:
            
            
            BID: 54850

SOURCES
db:VULHUBid:VHN-55771
db:BIDid:54850
db:JVNDBid:JVNDB-2012-003464
db:CNNVDid:CNNVD-201208-032
db:NVDid:CVE-2012-2490

LAST UPDATE DATE
2025-04-11T23:19:34.428000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-55771date:2012-08-07T00:00:00
db:BIDid:54850date:2012-08-07T00:00:00
db:JVNDBid:JVNDB-2012-003464date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-032date:2012-08-07T00:00:00
db:NVDid:CVE-2012-2490date:2025-04-11T00:51:21.963

SOURCES RELEASE DATE
db:VULHUBid:VHN-55771date:2012-08-06T00:00:00
db:BIDid:54850date:2012-08-07T00:00:00
db:JVNDBid:JVNDB-2012-003464date:2012-08-08T00:00:00
db:CNNVDid:CNNVD-201208-032date:2012-08-07T00:00:00
db:NVDid:CVE-2012-2490date:2012-08-06T17:55:01.057