Cyberoam · Cyberoam Utm · CVE-2012-3372
**Name of the Vulnerable Software and Affected Versions**
Cyberoam UTM appliances (affected versions not specified)
**Description**
The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and the same private key across different customers' installations. This makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the `Cyberoam SSL CA` certificate in a list of trusted root certification authorities. The vendor disputes the significance of this issue, noting that the appliance does not allow import or export of the private key.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
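A defender-side check that follows from the description above: if the shared `Cyberoam SSL CA` certificate is present in a host's trusted root store, that host will accept certificates issued by any appliance holding the shared key. The script below is an added example, not code from the advisory or the vendor; it uses only Python's standard `ssl` module, and the sample certificate entries in `CONSTRUCTED_STORE` are constructed for illustration.

```python
import ssl

# The CA name quoted in the advisory.
SUSPECT_CA_NAME = "Cyberoam SSL CA"

# Constructed sample entries in the shape returned by SSLContext.get_ca_certs():
# 'subject' is a tuple of RDNs, each RDN a tuple of (attribute, value) pairs.
CONSTRUCTED_STORE = [
    {"subject": ((("countryName", "XX"),),
                 (("organizationName", "Example Org"),),
                 (("commonName", "Cyberoam SSL CA"),)),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
    {"subject": ((("commonName", "Example Root CA"),),),
     "notAfter": "Jan  1 00:00:00 2030 GMT"},
]


def subject_common_name(cert):
    """Return the subject CN of a certificate dict, or None if it has none."""
    for rdn in cert.get("subject", ()):
        for attribute, value in rdn:
            if attribute == "commonName":
                return value
    return None


def find_suspect_cas(certs, name=SUSPECT_CA_NAME):
    """Return every certificate whose subject CN equals `name` (case-insensitive)."""
    return [c for c in certs
            if (subject_common_name(c) or "").lower() == name.lower()]


def scan_trust_store():
    """Load the platform default trust store (on Windows this includes the
    system ROOT and CA stores) and return any entries for the suspect CA.
    Assumption: browsers with their own store (e.g. Firefox) are not covered."""
    ctx = ssl.create_default_context()  # loads default CA certificates
    return find_suspect_cas(ctx.get_ca_certs())


if __name__ == "__main__":
    for hit in scan_trust_store():
        print("trusted root matches %r, expires %s"
              % (subject_common_name(hit), hit.get("notAfter")))
```

An empty result means the default Python/OS store does not contain a root with that name; a hit is a reason to remove the certificate from the trust list, since its private key is shared across installations.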