Lucene search

[email protected]CVE-2015-1454

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2015-1454

2022-10-0316:15:49

CWE-310

[email protected]

web.nvd.nist.gov

blue coat proxyclient

unified agent

cve-2015-1454

man-in-the-middle attack

certificate validation

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.

Affected configurations

NVD

Node

bluecoatproxyclientRange3.3–3.3.3.3

bluecoatproxyclientRange3.4–3.4.4.10

Node

bluecoatunified_agentRange≤4.1.3

CPENameOperatorVersion
bluecoat:proxyclientbluecoat proxyclientlt3.3.3.3
bluecoat:proxyclientbluecoat proxyclientlt3.4.4.10

CPE	Name	Operator	Version
bluecoat:proxyclient	bluecoat proxyclient	lt	3.3.3.3
bluecoat:proxyclient	bluecoat proxyclient	lt	3.4.4.10

References

secunia.com/advisories/62617

bto.bluecoat.com/security-advisory/sa89

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:C/A:N

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.8%

JSON

Related for CVE-2015-1454

prion1 nessus3 nvd2 cvelist1 cve1