CVE-2014-5868
medium
Cisco CVSS v3 Base Score
5.4
AV:A/AC:M/Au:N/C:P/I:P/A:P
EPSS Score
0.2%
Exploitation probability in 30 days
Top 62% most likely to be exploited
Attack Characteristics
Attack Vector
Adjacent
Attack Complexity
M
Confidentiality
P
Integrity
P
Availability
P
Vulnerability Report
Generated by CyberWatcher
Description
The Cisco Technical Support (aka com.cisco.swtg_android) application 3.7.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.
CWE
CWE-310Affected Products
cisco cisco technical support