Описание
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:h:sourcefire:3d1000:*:*:*:*:*:*:*:*
cpe:2.3:h:sourcefire:3d2000:*:*:*:*:*:*:*:*
cpe:2.3:h:sourcefire:3d9900:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:h:sourcefire:dc1000:*:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00403
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-16
Связанные уязвимости
github
больше 3 лет назад
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
EPSS
Процентиль: 60%
0.00403
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-16