Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1454

Overview

Vulnerability Score 7.1 7.1
CVE Id CVE-2015-1454
Last Modified 04 Feb 2015 09:12:18
Published 02 Feb 2015 11:59:07
Confidentiality Impact NONE NONE
Integrity Impact COMPLETE COMPLETE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1454

Summary

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.

Vulnerable Systems

Application

  • Bluecoat Proxyclient 3.3.3.2

  • Bluecoat Proxyclient 3.4.4.9

  • Bluecoat Unified Agent 4.1.3


References

CONFIRM - https://bto.bluecoat.com/security-advisory/sa89

SECUNIA - 62617


Last Updated: 27 May 2016 11:07:42