CVE-2015-1454
Last modified
CVE-2015-1454 is a vulnerability of currently unknown severity. Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Bluecoat | Proxyclient | >= 3.3, < 3.3.3.3 |
| Bluecoat | Proxyclient | >= 3.4, < 3.4.4.10 |
| Bluecoat | Unified Agent | <= 4.1.3 |
References
- http://secunia.com/advisories/62617Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa89Vendor Advisory
- http://secunia.com/advisories/62617Third Party Advisory
- https://bto.bluecoat.com/security-advisory/sa89Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1454?
How severe is CVE-2015-1454?
How do I fix CVE-2015-1454?
Are you affected by CVE-2015-1454?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST