10 matches found
OpenSSL Vulnerabilities Sep 2020 - Feb 2021
Summary: Symantec Network and Information Security (NIS) products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A remote attacker may be able to decrypt encrypted communication from an SSL/TLS connection, downgrade a newly established SSL/TLS connection to SSLv2,...
OpenSSL Vulnerabilities Sep 2019 – Apr 2020
Summary: Symantec Web Security Group (WSG) products using affected versions of OpenSSL may be susceptible to multiple vulnerabilities. A local or remote attacker can obtain private key or other secret key information. A remote attacker can also cause denial of service. Affected Products: The followin...
CVE-2017-15533
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, and 3.12 prior to 3.12.2.1 are vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. All affected SSLV versions act as weak oracles according to the oracle classification used in the ROBOT research paper. A remo...
Session fixation
Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the Bleichenbacher Oracle Threat (ROBOT) attack. A remote attacker, who has captured a pre-recorded SSL session inspected by SSLV, can establish large numbers of crafted SSL connections to the target and obtain the session keys required...
CVE-2017-15533
CVE-2017-15533 is tied to Symantec SSL Visibility (SSLV) affecting versions 3.8.4FC, 3.10 before 3.10.4.1, 3.11, and 3.12 before 3.12.2.1. The vulnerability is a variation of the Bleichenbacher/ROBOT padding oracle attack, where a remote attacker who has a pre-recorded SSL session can perform mil...
SA165: NTP Vulnerabilities February 2018
SUMMARY: Symantec Network Protection products using affected versions of the NTP reference implementation from ntp.org are susceptible to multiple vulnerabilities. A remote attacker can exploit these vulnerabilities to execute arbitrary code, modify the target's system time, prevent the target fro...
Denial of service
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...
CVE-2016-10259
Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1 is susceptible to a denial-of-service vulnerability that impacts the SSL servers for intercepted SSL connections. A malicious SSL client can, under certain circumstances, temporarily exhaust the TCP connecti...
CVE-2016-10259
Symantec SSL Visibility (SSLV) is affected by CVE-2016-10259. Affected versions: SSLV 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and 3.11 before 3.11.3.1. Description: under certain conditions, a malicious SSL client can cause the SSL server’s TCP connection pool to be exhausted, leading to a denial of ...
SA142: Invalid TCP Packet Generation DoS in SSL Visibility
SUMMARY: The SSL Visibility appliance may, under certain circumstances, generate invalid TCP reset (RST) packets to remote SSL servers when terminating an intercepted SSL connection. Some SSL servers may ignore the invalid RST packet received and keep the TCP connection open. A malicious SSL client,...