Vulnerability Details : CVE-2023-33757
Potential exploit
A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.
Products affected by CVE-2023-33757
- cpe:2.3:a:splicecom:ipcs:*:*:*:*:*:android:*:*
- cpe:2.3:a:splicecom:ipcs:1.3.4:*:*:*:*:iphone_os:*:*
- cpe:2.3:a:splicecom:ipcs2:*:*:*:*:*:iphone_os:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33757
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 45 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33757
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.9
|
MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
2.2
|
3.6
|
NIST | 2024-01-31 |
CWE ids for CVE-2023-33757
-
The product does not validate, or incorrectly validates, a certificate.Assigned by: nvd@nist.gov (Primary)
References for CVE-2023-33757
-
https://github.com/twignet/splicecom
GitHub - twignet/splicecom: Splicecom Vulnerabilities and ToolsExploit;Third Party Advisory
Jump to