First published: Wed Jan 15 2020(Updated: )
Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco IronPort Web Security Appliance | <=7.5 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for Cisco IronPort Web Security Appliance is CVE-2012-1326.
The severity of CVE-2012-1326 is high with a CVSS score of 7.4.
CVE-2012-1326 allows for MITM attacks by not validating the basic constraints of the certificate authority in Cisco IronPort Web Security Appliance up to and including version 7.5.
Cisco IronPort Web Security Appliance up to and including version 7.5 is affected by CVE-2012-1326.
To mitigate the vulnerability in Cisco IronPort Web Security Appliance, it is recommended to apply the latest security updates and patches provided by Cisco.