Description
Cisco Unified Wireless IP Phone 7921, when using Protected Extensible Authentication Protocol (PEAP), does not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.
References (7)
Core 7
Core References
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=896
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2008/Feb/0449.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019494
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2008/Feb/0402.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/27935
Various Sources x_refsource_misc
http://blogs.zdnet.com/security/?p=901
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29082
Scores
EPSS
0.0089
EPSS Percentile
55.0%
Details
CWE
CWE-200
Status
published
Products (1)
vocera_communications/vocera_communications_badge
Published
Mar 03, 2008
Tracked Since
Feb 18, 2026