SSL Certificate Caching Vulnerability in Cisco Web Security Appliance
CVE-2012-0334

6.4MEDIUM

Key Information:

Vendor: Cisco
Status: Ironport Web Security Appliance Asyncos
Vendor: CVE Published:; 15 January 2020

What is CVE-2012-0334?

The Cisco IronPort Web Security Appliance, running AsyncOS software versions prior to 7.5, is susceptible to a vulnerability related to SSL certificate caching. This flaw could potentially allow attackers to intercept communications between clients and servers, leading to man-in-the-middle attacks. Such attacks could compromise the confidentiality and integrity of sensitive information, making it essential for organizations using the affected products to apply security updates promptly.

Affected Version(s)

IronPort Web Security Appliance AsyncOS prior to 7.5

References

http://www.securityfocus.com/bid/52981

x_refsource_MISC

https://tools.cisco.com/security/center/content/CiscoSecu...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Adjacent Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Jan 4, 2012