Detections
Analytics
SSL Certificate Signed with the Publicly Known Cyberoam Key
medium Nessus Plugin ID 61447
Language:
Synopsis
The SSL certificate for this service was signed by a CA whose private key is public knowledge.Description
The X.509 certificate of the remote host was signed by a certificate belonging to a Certificate Authority (CA) found in Cyberoam devices. The private key corresponding to the CA was discovered and publicly disclosed, meaning that the remote host's X.509 certificate cannot be trusted.Solution
Configure the device to use a device-specific CA certificate.See Also
https://media.torproject.org/misc/2012-07-03-cyberoam-CVE-2012-3372.txt
http://www.nessus.org/u?ebc9c721
http://www.nessus.org/u?956bd276
http://blog.cyberoam.com/2012/07/ssl-bridging-cyberoam-approach/
Plugin Details
Severity: Medium
ID: 61447
File Name: ssl_cyberoam.nasl
Version: 1.7
Type: remote
Family: General
Published: 8/7/2012
Updated: 10/26/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 5.8
Temporal Score: 4.3
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N
Vulnerability Information
CPE: cpe:/h:elitecore:cyberoam_unified_threat_management
Required KB Items: SSL/Supported
Exploit Ease: No known exploits are available
Vulnerability Publication Date: 6/30/2012
Reference Information
CVE: CVE-2012-3372
BID: 54291