A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NSplicecom Ipcs
APPSplicecom1.3.4≤ 1.8.5Splicecom Ipcs2
APPSplicecom≤ 2.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Related vulnerabilities
CVE-2023-33759CRITICAL9.8PL ✓ten sam vendor
Splicecom Maximiser Soft PBX — brak ograniczenia prób uwierzytelnienia (brute force)
CVE-2023-33758MEDIUM6.1ten sam vendor
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerabil...
CVE-2023-33760MEDIUM5.3ten sam vendor
SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue c...