Lucene search

MitreCVE-2023-33757

HistoryJan 25, 2024 - 8:15 a.m.

CVE-2023-33757

2024-01-2508:15:08

CWE-295

mitre

web.nvd.nist.gov

cve-2023-33757

ssl

certificate validation

splicecom ipcs

ios

android

mitm

eavesdropping

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.

Affected configurations

Nvd

Node

splicecomipcsRange≤1.8.5android

splicecomipcsMatch1.3.4iphone_os

splicecomipcs2Range≤2.8iphone_os

VendorProductVersionCPE
splicecomipcs*cpe:2.3:a:splicecom:ipcs:*:*:*:*:*:android:*:*
splicecomipcs1.3.4cpe:2.3:a:splicecom:ipcs:1.3.4:*:*:*:*:iphone_os:*:*
splicecomipcs2*cpe:2.3:a:splicecom:ipcs2:*:*:*:*:*:iphone_os:*:*

Vendor	Product	Version	CPE
splicecom	ipcs	*	cpe:2.3:a:splicecom:ipcs::::::android::*
splicecom	ipcs	1.3.4	cpe:2.3:a:splicecom:ipcs:1.3.4:::::iphone_os::
splicecom	ipcs2	*	cpe:2.3:a:splicecom:ipcs2::::::iphone_os::*

References

github.com/twignet/splicecom

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

24.2%

JSON

Related for CVE-2023-33757