Vulnerability Details CVE-2015-6409
Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.0%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
- http://www.securityfocus.com/bid/79678
- http://www.securitytracker.com/id/1034540
- http://www.synacktiv.com/ressources/cisco_jabber_starttls_downgrade.pdf
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab
- http://www.securityfocus.com/bid/79678
- http://www.securitytracker.com/id/1034540
- http://www.synacktiv.com/ressources/cisco_jabber_starttls_downgrade.pdf