CVE-2012-3372 in Cyberoam Unified Threat Managementinfo

Summary

** DISPUTED ** The default configuration of Cyberoam UTM appliances uses the same Certification Authority certificate and same private key across different customers installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the presence of the Cyberoam_SSL_CA certificate in a list of trusted root certification authorities. NOTE: the vendor disputes the significance of this issue because the appliance "does not allow import or export of the foresaid private key."

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Reservation

06/14/2012

Disclosure

07/09/2012

Status

Confirmed

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
61224	Elitecore Cyberoam Unified Threat Management Default Configuration cryptographic issue	310	Not defined	Not defined	CVE-2012-3372

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

Sources

◂ PreviousOverviewNext ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!