PT-2015-5294 · Blue Coat · Blue Coat Unified Agent+2
Published
2015-02-02
·
Updated
2019-02-05
·
CVE-2015-1454
CVSS v2.0
7.1
High
| Vector | AV:N/AC:M/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Blue Coat ProxyClient versions prior to 3.3.3.3
Blue Coat ProxyClient versions 3.4.x prior to 3.4.4.10
Blue Coat Unified Agent versions prior to 4.1.3.151952
Description
The issue allows man-in-the-middle attackers to spoof ProxySG Client Managers by using a crafted certificate, due to improper validation of certain certificates. This can lead to modification of configurations and execution of arbitrary software updates.
Recommendations
For Blue Coat ProxyClient versions prior to 3.3.3.3, update to version 3.3.3.3 or later.
For Blue Coat ProxyClient versions 3.4.x prior to 3.4.4.10, update to version 3.4.4.10 or later.
For Blue Coat Unified Agent versions prior to 4.1.3.151952, update to version 4.1.3.151952 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Blue Coat Proxyclient
Blue Coat Unified Agent
Proxysg