CVE-2008-1114

Published: Mar 3, 2008Modified: Apr 23, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Vocera Communications wireless handsets, when using Protected Extensible Authentication Protocol (PEAP), do not validate server certificates, which allows remote wireless access points to steal hashed passwords and conduct man-in-the-middle (MITM) attacks.

Affected (1)

Products: Vocera: Wireless Handset

1 product

Wireless Handset

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Vocera Wireless Handset	All versions

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://blogs.zdnet.com/security/?p=896

Source: cve@mitre.org

http://blogs.zdnet.com/security/?p=901

Source: cve@mitre.org

http://seclists.org/fulldisclosure/2008/Feb/0402.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/27935

Source: cve@mitre.org

http://www.vocera.com/downloads/InfrastructureGuide.pdf

Source: cve@mitre.org

http://blogs.zdnet.com/security/?p=896

Source: af854a3a-2127-422b-91ae-364da2661108

http://blogs.zdnet.com/security/?p=901

Source: af854a3a-2127-422b-91ae-364da2661108

http://seclists.org/fulldisclosure/2008/Feb/0402.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/27935

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vocera.com/downloads/InfrastructureGuide.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.