CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2015-1454
https://notcve.org/view.php?id=CVE-2015-1454
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate. Blue Coat ProxyClient anterior a 3.3.3.3 y 3.4.x anterior a 3.4.4.10 y Unified Agent anterior a 4.1.3.151952 no validan correctamente ciertos certificados, lo que permite a atacantes man-in-the-middle falsificar los gestores de clientes del proxy SG (ProxySG Client Managers), y como consecuencia modificar las configuraciones y ejecutar actualizaciones de software arbitrarias, a través de un certificado manipulado. • http://secunia.com/advisories/62617 https://bto.bluecoat.com/security-advisory/sa89 • CWE-310: Cryptographic Issues •