SA127 : PacketShaper S-Series Insecure Cryptographic Parameters

SA127 : PacketShaper S-Series Insecure Cryptographic Parameters

SYMSA1369 June 24th, 2016 https://www.symantec.com/docs/SYMSA1369
Support / SA127 : PacketShaper S-Series Insecure Cryptographic Parameters
Was this article helpful?

Thank you for your feedback!

Provide feedback on this article

Thank you for your feedback!
Print Article
Related Products
Subscribe to this Article
Manage your Subscriptions
Search Again
Security Advisory ID SYMSA1369

Initial Publication Date:
Advisory Status:
Advisory Severity:
CVSS Base Score: Legacy ID

24 Jun 2016
Closed
Medium
CVSS v2: 6.9
SA127

Summary

The HTTPS web UI in PacketShaper S-Series 11.5 may use insecure cryptographic parameters for incoming management connections.  A remote attacker who can be a man-in-the-middle, under certain circumstances, may be able to exploit this vulnerability to obtain user authentication credentials.  The attacker can then view/modify appliance configuration and view appliance statistics.

Affected Products

PacketShaper S-Series
CVE Affected Version(s) Remediation
All CVEs 11.6 and later Not vulnerable, fixed in 11.6.1.1
11.5 Upgrade to 11.5.3.2.
11.2 - 11.4 Not vulnerable

Additional Product Information

The HTTPS server in PacketShaper S-Series provides access to the appliance’s web-based Blue Coat Sky UI and Advanced UI.  Blue Coat recommends that the PacketShaper S-Series appliance be deployed in a secure network that restricts access to the appliance management network interfaces.  Authenticated users who have access to the management interfaces can access the web UI to perform management tasks, such as to modify appliance settings, configure the traffic classification policy, monitor network usage, and generate reports.

This vulnerability can be exploited only through the PacketShaper S-Series management interfaces.  If the appliance management network interfaces are not deployed in a secure network, this increases the threat of exploiting the vulnerability.

Issues

CVE-2016-5774
Severity / CVSSv2 Medium / 6.9 (AV:A/AC:M/Au:N/C:P/I:P/A:C)
References SecurityFocus: BID 91455 / NVD: CVE-2016-5774
Impact Information disclosure, unauthorized modification of data
Description It was found that the HTTPS server in PacketShaper S-Series 11.5 may use insecure cryptographic parameters for incoming encrypted SSL/TLS connections.  A remote attacker who can be a man-in-the-middle, under certain circumstances, may be able to exploit this vulnerability to obtain user authentication credentials and other sensitive information.  The attacker can then use the authentication credentials to view or modify the appliance configuration and statistics provided by the web UI and CLI.

Acknowledgements

Thanks to Kristen Petra Dorey from Western University for reporting the vulnerability.

Revisions

2016-06-24 initial public release

Legacy ID

SA127

Terms of use for this information are found in Legal Notices.

Translated Content

This is machine translated content

Didn't find the article you were looking for? Try these resources.

Supported Products A-Z

Get support for your product, with downloads, knowledge base articles, documentation, and more.

Education Services

Maximize your product competency and validate technical knowledge to gain the most benefit from your IT investments.

Submit a Threat

Submit a suspected infected file to Symantec.

Submit a False Positive

Report a suspected erroneous detection (false positive).

Need Help with Endpoint Protection?

Set default language

Do you wish to save this as your future site?