CVE-2015-6409

Published: Dec 26, 2015Modified: May 6, 2026

5.9

Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows man-in-the-middle attackers to conduct STARTTLS downgrade attacks and trigger cleartext XMPP sessions via unspecified vectors, aka Bug ID CSCuw87419.

Affected (1)

Products: Cisco: Jabber

Cisco

1 product

Jabber

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Jabber	Version 10.6(2)

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/79678

Source: psirt@cisco.com

http://www.securitytracker.com/id/1034540

Source: psirt@cisco.com

http://www.synacktiv.com/ressources/cisco_jabber_starttls_downgrade.pdf

Source: psirt@cisco.com

Third Party Advisory

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151224-jab

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/79678

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1034540

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.synacktiv.com/ressources/cisco_jabber_starttls_downgrade.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.