Cyberoam UTM自签名证书漏洞
Cyberoam UTM自签名证书漏洞
发布日期:2012-07-11
更新日期:2012-07-12
受影响系统:
cyberoam Cyberoam UTM
描述:
--------------------------------------------------------------------------------
CVE ID: CVE-2012-3372
Cyberoam Unified Threat Management可为家庭办公和远程分支办公提供的网络安全诊断操作。
Cyberoam UTM在多个设备上使用了同一个自签名和密钥的证书,中间人攻击者通过欺骗另一个 Cyberoam UTM设备截取和泄露加密的流量。
<*来源:Runa A
链接:http://secunia.com/advisories/49799/
https://media.torproject.org/misc/2012-07-03-cyberoam-CVE-2012-3372.txt
http://blog.cyberoam.com/2012/07/cyberoam%E2%80%99s-proactive-steps-in-https-deep-scan-inspection/
http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/
*>
建议:
--------------------------------------------------------------------------------
厂商补丁:
cyberoam
--------
cyberoam已经为此发布了一个安全公告
(cyberoam’s-proactive-steps-in-https-deep-scan-inspection)
以及相应补丁:
cyberoam’s-proactive-steps-in-https-deep-scan-inspection:Cyberoam’s Proactive Steps in HTTPS Deep Scan Inspection
链接:http://blog.cyberoam.com/2012/07/cyberoam%E2%80%99s-proactive-steps-in-https-deep-scan-inspection/
评论暂时关闭