Initial Publication Date: Advisory Status: Advisory Severity: CVSS Base Score:Legacy ID
23 Jan 2015 Closed High CVSS v2: 9.3 SA89
A flaw in the validation of the certificate presented by the ProxySG to the ProxyClient and Unified Agent can allow an attacker to pose as the legitimate ProxySG to deliver malicious executables and policy to clients.
The following products are vulnerable:
All versions of ProxyClient prior to 18.104.22.168 and 22.214.171.124 are vulnerable.
All versions of Unified Agent prior to 126.96.36.199952 are vulnerable when connecting to the Client Manager on ProxySG. Unified Agent connecting to ThreatPulse is not vulnerable.
ProxyClient 3.4 - a fix is available in 188.8.131.52.
ProxyClient 3.3 - a fix is available in 184.108.40.206.
ProxyClient 3.2 and prior - a fix will not be provided. Please upgrade to the latest ProxyClient release with the vulnerability fix.
Unified Agent 4.1 - a fix is available in 220.127.116.11952.
ProxyClient and Unified Agent connect to a Client Manager that resides on the ProxySG. The connection to the Client Manager is used to download new configuration and software updates to the client. The connection is secured using TLS/SSL and can be established over a corporate network or over a public network.
A flaw in the validation of the of the Client Manager certificate performed by the ProxyClient and the Unified agent could allow an attacker to pose as the Client Manager. An attacker could use this vulnerability to modify the configuration parameters of ProxyClient and Unified Agent, to deliver malicious web content to ProxyClient and Unified Agent, and to deliver malicious software updates to ProxyClient. An attacker potentially could use this flaw to gain full administrative acces to the client.
The Unified Agent is vulnerable only when connecting to the Client Manager on ProxySG. Unified Agent is not vulnerable when connecting to ThreatPulse. Connections from the Unified Agent to ThreatPulse are over a VPN, not over TLS/SSL.
This vulnerability was reported by Damien Cabrié. Thank you!
2015-02-13 Added URL for CVE number in References; marked as final
2015-02-09 Corrected CVE number
2015-02-02 CVE number assigned
2015-01-24 Clarified that Unified Agent is not vulnerable when connecting to ThreatPulse; Unified Agent is vulnerable only when connecting to the Client Manager on ProxySG.
2015-01-23 Initial public release
This is machine translated content
Login to Subscribe
Please login to set up your
Would you like to be subscribed to future notifications for this article?
For security reasons, your link to this document has expired. Please click on the attachment link to access this file.
The attachment that you are looking for no longer exists.
There has been an issue retrieving your attachment. Please try again.
Currently server is down.
Didn't find the article you were looking for? Try these resources.