MEDIUM🇵🇱 Wersja polska

CVE-2023-33757

CVSS 5.9v3.1pub. 2024-01-25upd. 2025-06-20

A lack of SSL certificate validation in Splicecom iPCS (iOS App) v1.3.4, iPCS2 (iOS App) v2.8 and before, and iPCS (Android App) v1.8.5 and before allows attackers to eavesdrop on communications via a man-in-the-middle attack.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Splicecom Ipcs

    APP
    Splicecom
    1.3.4≤ 1.8.5
  • Splicecom Ipcs2

    APP
    Splicecom
    ≤ 2.8
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2023-33759CRITICAL9.8PL ✓ten sam vendor

Splicecom Maximiser Soft PBX — brak ograniczenia prób uwierzytelnienia (brute force)

CVE-2023-33758MEDIUM6.1ten sam vendor

Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting (XSS) vulnerabil...

CVE-2023-33760MEDIUM5.3ten sam vendor

SpliceCom Maximiser Soft PBX v1.5 and before was discovered to utilize a default SSL certificate. This issue c...