CVE

Id
56615  
CVE No.
CVE-2012-3372  
Status
Candidate  
Description
** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers" installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key."  
Phase
Assigned (20120614)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
586103 56615 CVE-2012-3372 BUGTRAQ:20120703 Cyberoam advisory  View
586104 56615 CVE-2012-3372 URL:http://archives.neohapsis.com/archives/bugtraq/2012-07/0021.html  View
586105 56615 CVE-2012-3372 MISC:http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/  View
586106 56615 CVE-2012-3372 MISC:http://www.theregister.co.uk/2012/07/07/cyberoam_tor_ssl_spying_flap/  View
586107 56615 CVE-2012-3372 MISC:https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
27378 JVNDB-2012-003085 VideoLAN VLC media player の OGG demuxer におけるヒープベースのバッファオーバーフローの脆弱性 VideoLAN VLC media player の OGG demuxer (modules/demux/ogg.c) 内の Ogg_DecodePacket 関数には、ヒープベースのバッファオーバーフローの脆弱性が存在します。 CVE-2012-3377 56615 6.8 http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-003085.html  View