CVE-2015-6303

Cisco Spark 2015-07-04 - Exposure of Sensitive Information via Improper Certificate Validation

Title source: llm
STIX 2.1

Description

The Cisco Spark application 2015-07-04 for mobile operating systems does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCut36742 and CSCut36844.

References (1)

Core 1
Core References
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=41127

Scores

EPSS 0.0054
EPSS Percentile 41.3%

Details

CWE
CWE-200
Status published
Products (1)
cisco/spark 2015-07-04_base
Published Sep 24, 2015
Tracked Since Feb 18, 2026