LiveActive security incident?Get immediate response
CVE Record

CVE-2020-3155: Cisco Intelligent Proximity SSL Certificate Validation Vulnerability

A vulnerability in the SSL implementation of the Cisco Intelligent Proximity solution could allow an unauthenticated, remote attacker to view or alter information shared on Cisco Webex video devices and Cisco collaboration endpoints if the products meet the conditions described in the Vulnerable Products section. The vulnerability is due to a lack of validation of the SSL server certificate received when establishing a connection to a Cisco Webex video device or a Cisco collaboration endpoint. An attacker could exploit this vulnerability by using man in the middle (MITM) techniques to intercept the traffic between the affected client and an endpoint, and then using a forged certificate to impersonate the endpoint. Depending on the configuration of the endpoint, an exploit could allow the attacker to view presentation content shared on it, modify any content being presented by the victim, or have access to call controls. This vulnerability does not affect cloud registered collaboration endpoints.

HighCVSS 7.4Not KEV-listedUpdated
Glexia's TakeAutomated analysishigh

Security readout for executives and security teams

Plain-English summary

Cisco Intelligent Proximity can fail to properly verify an endpoint’s SSL certificate. If an attacker can sit between a vulnerable client and a Cisco video or collaboration endpoint, they may impersonate the endpoint and see or alter shared meeting content. Cloud-registered collaboration endpoints are stated as unaffected.

Executive priority

Treat this as a high-priority collaboration-security issue if the organization uses affected Cisco proximity features outside cloud-registered endpoints. The likely business risk is meeting-content exposure or manipulation, not service outage. Urgency depends on whether vulnerable clients and endpoints are present in production.

Technical view

The issue is CWE-295 certificate validation failure in Cisco Intelligent Proximity SSL handling. A forged certificate during a man-in-the-middle position can let an unauthenticated remote attacker impersonate a Cisco Webex video device or collaboration endpoint. Impact depends on endpoint configuration and includes presentation visibility, presentation modification, or call-control access.

Likely exposure

Exposure is most likely where Cisco Jabber IM for Android or Cisco Intelligent Proximity clients connect to on-premises Cisco Webex video devices or collaboration endpoints matching Cisco’s vulnerable-product conditions. The bundle does not provide affected version ranges. Cloud-registered collaboration endpoints are explicitly not affected.

Exploitation context

The source describes man-in-the-middle exploitation with a forged certificate. CVSS marks attack complexity high, with high confidentiality and integrity impact and no availability impact. The bundle and KEV flag do not provide evidence of active exploitation.

Researcher notes

The key research point is certificate trust failure, not endpoint authentication bypass by itself. Validate exposure through product/version mapping and endpoint configuration, not by attempting interception. The source bundle is incomplete on fixed versions and workarounds, so Cisco’s advisory remains the authoritative remediation reference.

Mitigation direction

  • Check Cisco’s advisory for affected products, fixed releases, and any documented workarounds.
  • Inventory Cisco Jabber IM for Android and Intelligent Proximity usage in collaboration environments.
  • Confirm whether collaboration endpoints are cloud registered, which the source states are unaffected.
  • Prioritize mitigation where presentation content or call controls are business-sensitive.
  • Limit risky proximity workflows until vendor guidance is applied.

Validation and detection

  • Compare deployed Cisco products and versions against Cisco’s vulnerable-products section.
  • Identify endpoints using Intelligent Proximity with Cisco Webex video or collaboration devices.
  • Confirm endpoint registration model, especially cloud-registered versus non-cloud-registered deployments.
  • Review whether users connect over networks where interception risk is plausible.
  • Document whether presentation sharing and call controls are enabled on affected endpoints.
Prepared
Confidence
medium
Sources
3

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cwe · low confidence lookup

CWE-295: Exact CWE lookup

Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.

Open ATT&CK lookup
cve · low confidence lookup

CVE-2020-3155 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
High
CVSS
7.4 (3.0)
Known Exploited
No
Published

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

1CVSS vectors
0Timeline events
0ADP providers
2Source links

CVSS vector scores

1 official score

We collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.

ScoreVersionSeverityVectorExploitImpactSource
7.4CVSS 3.0HighCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N2.25.2Primary CVE score

Vulnerability scoring details

Base CVSS 3.0 score

7.4High
CVSS 3.0 vector shape for CVE-2020-3155Attack VectorAttack ComplexityPrivileges RequiredUser InteractionScopeConfidentiality ImpactIntegrity ImpactAvailability Impact

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Attack Vector
NetworkAdjacentLocalPhysical
Attack Complexity
LowHigh
Privileges Required
NoneLowHigh
User Interaction
NoneRequired
Scope
ChangedUnchanged
Confidentiality Impact
HighLowNone
Integrity Impact
HighLowNone
Availability Impact
HighLowNone

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
CiscoCisco Jabber IM for AndroidunspecifiedListed
Weakness

CWE details

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.

CWE-295 · source CWE mapping

Improper Certificate Validation

Improper Certificate Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.