Multiple Vendor PEAP Certificate Verification Security Bypass Vulnerability
Multiple VoIP products are prone to a security-bypass vulnerability in their PEAP implementation because their software fails to properly validate server certificates.
Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks by impersonating trusted authentication servers. This will aid in further attacks.
The following products are prone to this issue:
- Vocera Communications System badges
- Cisco Wireless IP Phone 7921
Other devices and packages may also be affected.