CVE-2015-1454

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:C/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
bluecoatproxyclient
3.3 ≤
𝑥
< 3.3.3.3
bluecoatproxyclient
3.4 ≤
𝑥
< 3.4.4.10
bluecoatunified_agent
𝑥
≤ 4.1.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/62617
https://bto.bluecoat.com/security-advisory/sa89
http://secunia.com/advisories/62617
https://bto.bluecoat.com/security-advisory/sa89