Release date:
Updated on:
Affected Systems:
Cyberoam Cyberoam UTM
Description:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-3372
Cyberoam Unified Threat Management (UTM) can be used to diagnose network security in home offices and remote branch offices.
Cyberoam UTM uses the same self-signed certificate and key on multiple devices. A man-in-the-middle attacker can intercept and disclose encrypted traffic by using another Cyberoam UTM device, because every device holds the same key.
<* Source: Runa
Link: http://secunia.com/advisories/49799/
https://media.torproject.org/misc/2012-07-03-cyberoam-CVE-2012-3372.txt
http://blog.cyberoam.com/2012/07/cyberoam%E2%80%99s-proactive-steps-in-https-deep-scan-inspection/
http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/
*>
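A check for the condition described above, as an added example (not from the advisory or from Cyberoam): it groups devices by the SHA-256 of the SubjectPublicKeyInfo in their certificates, so a key reused under a reissued certificate is still flagged. The device names, the inventory and the certificate skeletons are constructed for illustration; only the Python standard library is used.

```python
import hashlib
from collections import defaultdict

def read_tlv(buf, off):
    """Return (tag, value_start, value_end) for the DER element at buf[off]."""
    tag, length, off = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, off = int.from_bytes(buf[off:off + n], "big"), off + n
    if off + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, off, off + length

def spki_sha256(cert_der):
    """SHA-256 over the SubjectPublicKeyInfo element of a DER X.509 certificate."""
    _, off, _ = read_tlv(cert_der, 0)    # Certificate SEQUENCE contents
    _, off, _ = read_tlv(cert_der, off)  # tbsCertificate SEQUENCE contents
    tag, _, end = read_tlv(cert_der, off)
    off = end if tag == 0xA0 else off    # skip the optional explicit [0] version
    for _field in range(5):              # serial, sig alg, issuer, validity, subject
        _, _, off = read_tlv(cert_der, off)
    _, _, end = read_tlv(cert_der, off)
    return hashlib.sha256(cert_der[off:end]).hexdigest()

def shared_keys(inventory):
    """Map SPKI hash -> device names, keeping only keys present on 2+ devices."""
    groups = defaultdict(list)
    for device, cert_der in inventory.items():
        groups[spki_sha256(cert_der)].append(device)
    return {h: sorted(d) for h, d in groups.items() if len(d) > 1}

def der(tag, body):
    """Minimal DER encoder, used only to build the constructed samples below."""
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb) + body

def sample_cert(serial, key):
    """Constructed certificate skeleton with placeholder fields (not a real cert)."""
    alg, name = der(0x30, der(0x06, b"\x2a\x03")), der(0x30, b"")
    spki = der(0x30, alg + der(0x03, b"\x00" + key))
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + alg + name + der(0x30, b"") + name + spki)
    return der(0x30, tbs + alg + der(0x03, b"\x00sig"))

# Constructed inventory: two appliances carry the same key under different serials.
INVENTORY = {"utm-branch-a": sample_cert(1, b"K" * 140),
             "utm-branch-b": sample_cert(2, b"K" * 140),
             "utm-hq": sample_cert(3, b"Q" * 140)}
print(shared_keys(INVENTORY))
```

Hashing the whole certificate instead would miss the two branch devices here, since their serial numbers differ while the key is identical.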
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Cyberoam
--------
Cyberoam has released a security bulletin (Cyberoam's-proactive-steps-in-https-deep-scan-inspection) and corresponding patches:
Cyberoam's-proactive-steps-in-https-deep-scan-inspection: Cyberoam's Proactive Steps in HTTPS Deep Scan Inspection
Link: http://blog.cyberoam.com/2012/07/cyberoam%E2%80%99s-proactive-steps-in-https-deep-scan-inspection/