A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NSplicecom Ipcs
APPSplicecom1.3.4≤ 1.8.5Splicecom Ipcs2
APPSplicecom≤ 2.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Powiązane podatności
CVE-2023-33759CRITICAL9.8PL ✓ten sam vendor
Splicecom Maximiser Soft PBX — brak ograniczenia prób uwierzytelnienia (brute force)
CVE-2023-33758MEDIUM6.1ten sam vendor
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerabil...
CVE-2023-33760MEDIUM5.3ten sam vendor
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue c...