Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

Vulnerability

The vulnerability resides in the SSL implementation of the Cisco Intelligent Proximity solution. It affects the Cisco Intelligent Proximity application, Cisco Jabber, Cisco Webex Meetings, Cisco Webex Teams, and Cisco Meeting App when the Proximity feature is enabled and the client connects to on-premises devices. The root cause is the lack of validation of the SSL server certificate received during connection establishment to a Cisco Webex video device or collaboration endpoint. Cloud-registered endpoints are not affected [1].

Exploitation

An unauthenticated, remote attacker can exploit this vulnerability by performing a man-in-the-middle (MITM) attack on the traffic between an affected client and an endpoint. The attacker intercepts the communication and presents a forged certificate to impersonate the legitimate endpoint. No authentication or user interaction is required beyond the victim initiating a connection to the endpoint [1].

Impact

Successful exploitation allows the attacker to view or alter presentation content shared on the endpoint, modify any content being presented by the victim, or gain access to call controls. The specific impact depends on the endpoint configuration. This results in information disclosure and data manipulation [1].

Mitigation

Cisco has released software updates to address this vulnerability. There are no workarounds. Affected users should upgrade to the fixed versions as specified in the Cisco Security Advisory [1]. Cloud-registered endpoints are not affected and require no action.