Vulnerability Description
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
CVSS Score
7.4
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Ironport Web Security Appliance | <= 7.5 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/52981Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-2Vendor Advisory
- http://www.securityfocus.com/bid/52981Third Party AdvisoryVDB Entry
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-2Vendor Advisory
FAQ
What is CVE-2012-1326?
CVE-2012-1326 is a vulnerability with a CVSS score of 7.4 (HIGH). Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
How severe is CVE-2012-1326?
CVE-2012-1326 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-1326?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Ironport Web Security Appliance.