Cisco IronPort Web Security Appliance AsyncOS SSL Certificate Caching Vulnerability

2012-04-12T21:53:50
ID CISCO-SA-20120412-CVE-2012-0334
Type cisco
Reporter Cisco
Modified 2012-07-14T12:15:55

Description

Cisco IronPort Web Security Appliance AsyncOS software contains a vulnerability that could allow an unauthenticated, remote attacker to conduct man-in-the-middle attacks against a targeted system.

The vulnerability exists because the SSL implementation of the affected operating system improperly handles cached SSL and Transport Layer Security (TLS) certificates: it validates client-session traffic using the cached certificates rather than re-validating each session.

An unauthenticated, remote attacker could exploit the vulnerability by injecting a newly generated certificate into the server-side session. The attacker would then attempt to convince a targeted user to visit the previously visited domain and establish an SSL connection with the domain. A successful attack could allow the attacker to conduct a man-in-the-middle attack against the targeted user.
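As an added example (not Cisco's code; the certificate structure, hostnames and trust store are constructed), this Python model contrasts a decrypting proxy whose per-domain cache makes it skip validation on a revisit with one whose cache is keyed by the validated certificate's fingerprint, so a newly generated certificate injected into the server-side session is validated afresh instead of inheriting the earlier decision.

```python
import hashlib
from typing import NamedTuple
TRUSTED_ISSUERS = {"Example Root CA"}  # constructed trust store

class Cert(NamedTuple):
    subject: str       # hostname the certificate is issued to
    issuer: str
    public_key: bytes  # constructed stand-in for the DER SubjectPublicKeyInfo

def fingerprint(cert: Cert) -> str:
    raw = cert.subject.encode() + cert.issuer.encode() + cert.public_key
    return hashlib.sha256(raw).hexdigest()

def chain_is_valid(cert: Cert, hostname: str) -> bool:
    # Stand-in for full path validation: trusted issuer and matching name.
    return cert.issuer in TRUSTED_ISSUERS and cert.subject == hostname

class VulnerableProxy:
    # Remembers only "this domain validated once" and never re-checks.
    def __init__(self):
        self.validated = set()
    def accept(self, hostname: str, presented: Cert) -> bool:
        if hostname in self.validated:
            return True  # the certificate presented now is never examined
        ok = chain_is_valid(presented, hostname)
        if ok:
            self.validated.add(hostname)
        return ok

class HardenedProxy:
    # Cache keyed by the validated certificate's fingerprint, so a different
    # certificate for the same domain is validated afresh.
    def __init__(self):
        self.validated = {}  # hostname -> fingerprint of the validated cert
    def accept(self, hostname: str, presented: Cert) -> bool:
        fp = fingerprint(presented)
        if self.validated.get(hostname) == fp:
            return True
        ok = chain_is_valid(presented, hostname)
        if ok:
            self.validated[hostname] = fp
        return ok

# Constructed certificates: the genuine one and a freshly generated replacement.
GENUINE = Cert("bank.example", "Example Root CA", b"genuine-key")
INJECTED = Cert("bank.example", "Untrusted Issuer", b"replacement-key")
def revisit_outcome(proxy_cls):
    # First visit sees the genuine cert; the revisit is presented the new one.
    proxy = proxy_cls()
    return proxy.accept("bank.example", GENUINE), proxy.accept("bank.example", INJECTED)
```

A real appliance would additionally bound cache entries by the certificate's validity period and revocation status; the fingerprint check alone only closes the "stale decision reused for a different certificate" path the advisory describes.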

Cisco IronPort has confirmed the vulnerability and released software updates.

A successful attack would require the attacker to have access to a network that is adjacent to the targeted user's system. This requirement would limit the likelihood of an attack.

All Cisco IronPort devices are powered by the Cisco IronPort AsyncOS operating system. Additional details on all Cisco IronPort appliances are at the following link: Cisco IronPort AsyncOS, http://www.cisco.com/en/US/prod/vpndevc/ps10128/ps10154/asyncos_index.html