Security readout for executives and security teams
Plain-English summary
Cisco Intelligent Proximity can fail to properly verify an endpoint’s SSL certificate. If an attacker can sit between a vulnerable client and a Cisco video or collaboration endpoint, they may impersonate the endpoint and see or alter shared meeting content. Cloud-registered collaboration endpoints are stated as unaffected.
Executive priority
Treat this as a high-priority collaboration-security issue if the organization uses affected Cisco proximity features outside cloud-registered endpoints. The likely business risk is meeting-content exposure or manipulation, not service outage. Urgency depends on whether vulnerable clients and endpoints are present in production.
Technical view
The issue is CWE-295 certificate validation failure in Cisco Intelligent Proximity SSL handling. A forged certificate during a man-in-the-middle position can let an unauthenticated remote attacker impersonate a Cisco Webex video device or collaboration endpoint. Impact depends on endpoint configuration and includes presentation visibility, presentation modification, or call-control access.
Likely exposure
Exposure is most likely where Cisco Jabber IM for Android or Cisco Intelligent Proximity clients connect to on-premises Cisco Webex video devices or collaboration endpoints matching Cisco’s vulnerable-product conditions. The bundle does not provide affected version ranges. Cloud-registered collaboration endpoints are explicitly not affected.
Exploitation context
The source describes man-in-the-middle exploitation with a forged certificate. CVSS marks attack complexity high, with high confidentiality and integrity impact and no availability impact. The bundle and KEV flag do not provide evidence of active exploitation.
Researcher notes
The key research point is certificate trust failure, not endpoint authentication bypass by itself. Validate exposure through product/version mapping and endpoint configuration, not by attempting interception. The source bundle is incomplete on fixed versions and workarounds, so Cisco’s advisory remains the authoritative remediation reference.
Mitigation direction
- Check Cisco’s advisory for affected products, fixed releases, and any documented workarounds.
- Inventory Cisco Jabber IM for Android and Intelligent Proximity usage in collaboration environments.
- Confirm whether collaboration endpoints are cloud registered, which the source states are unaffected.
- Prioritize mitigation where presentation content or call controls are business-sensitive.
- Limit risky proximity workflows until vendor guidance is applied.
Validation and detection
- Compare deployed Cisco products and versions against Cisco’s vulnerable-products section.
- Identify endpoints using Intelligent Proximity with Cisco Webex video or collaboration devices.
- Confirm endpoint registration model, especially cloud-registered versus non-cloud-registered deployments.
- Review whether users connect over networks where interception risk is plausible.
- Document whether presentation sharing and call controls are enabled on affected endpoints.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-295: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupCVE-2020-3155 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.4 (3.0)
- Known Exploited
- No
- Published
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N2.25.2Primary CVE scoreVulnerability scoring details
Base CVSS 3.0 score
7.4HighVector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Source materials
- CVE List V5 sourceCVE List V5
- 20200304 Cisco Intelligent Proximity SSL Certificate Validation VulnerabilityCVE reference · vendor-advisory, x_refsource_CISCO
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Improper Certificate Validation
Improper Certificate Validation represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
