PT-2012-4669 · Cyberoam · Cyberoam Utm

Ben Laurie +1 · Published 2012-07-09 · Updated 2025-01-27 · CVE-2012-3372

CVSS v3.1: 7.4 (High)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Cyberoam UTM appliances (affected versions not specified)

Description: The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and the same private key across different customers' installations. This makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam SSL CA certificate in a list of trusted root certification authorities. The vendor disputes the significance of this issue, citing that the appliance does not allow import or export of the private key.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
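A defender's check for the condition the description relies on, added here as an example that is not part of the advisory: if the trusted-root bundles exported from two independent installations contain a byte-identical CA certificate, those installations necessarily share that CA's private key. The script fingerprints every certificate in each bundle and reports any that appear in more than one installation; the PEM bodies are constructed placeholders, not real Cyberoam certificates, and the installation names are assumptions.

```python
"""Flag CA certificates that are shared across independent installations."""
import base64
import hashlib
import re
from collections import defaultdict

# Matches each PEM certificate block; whitespace inside the body is ignored.
PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S
)


def pem_certs_to_der(bundle: str) -> list[bytes]:
    """Return the DER bytes of every certificate found in a PEM bundle."""
    return [base64.b64decode(re.sub(r"\s+", "", body)) for body in PEM_RE.findall(bundle)]


def sha256_fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate, as hex."""
    return hashlib.sha256(der).hexdigest()


def shared_cas(bundles: dict[str, str]) -> dict[str, list[str]]:
    """Map fingerprint -> installations trusting that exact certificate.

    Only fingerprints present in at least two installations are returned;
    an identical certificate implies an identical public key, hence a
    shared private key on whatever issued the leaf certificates.
    """
    seen: dict[str, set[str]] = defaultdict(set)
    for name, bundle in bundles.items():
        for der in pem_certs_to_der(bundle):
            seen[sha256_fingerprint(der)].add(name)
    return {fp: sorted(names) for fp, names in seen.items() if len(names) > 1}


def _fake_pem(payload: bytes) -> str:
    """Constructed placeholder PEM block (not a parseable X.509 certificate)."""
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


# Constructed sample: a vendor-default CA present on two sites, plus per-site CAs.
SHARED_CA = _fake_pem(b"constructed-vendor-default-ca")
SAMPLE_BUNDLES = {
    "customer-a": SHARED_CA + _fake_pem(b"constructed-site-a-ca"),
    "customer-b": SHARED_CA + _fake_pem(b"constructed-site-b-ca"),
    "customer-c": _fake_pem(b"constructed-site-c-ca"),
}

if __name__ == "__main__":
    for fp, sites in shared_cas(SAMPLE_BUNDLES).items():
        print(f"shared CA {fp[:16]}... trusted by: {', '.join(sites)}")
```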

Weakness Enumeration

Related Identifiers: CVE-2012-3372

Affected Products: Cyberoam Utm