CVE-2012-0334 — Improper Input Validation in Cisco Ironport WEB Security Appliance

CWE-20 — Improper Input Validation4 documents4 sources

Severity

6.4MEDIUMNVD

EPSS

0.1%

top 80.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Ironport WEB Security Appliance Cisco Ironport WEB Security Appliance Asyncos

Timeline

PublishedJan 15

Latest updateApr 23

Description

Cisco IronPort Web Security Appliance AsyncOS software prior to 7.5 has a SSL Certificate Caching vulnerability which could allow man-in-the-middle attacks

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/ironport_web_security_appliance_asyncosprior to 7.5

▶NVDcisco/ironport_web_security_appliance< 7.5

🔴Vulnerability Details

GHSA

GHSA-vwvh-jw4m-wvv2: Cisco IronPort Web Security Appliance AsyncOS software prior to 7↗2022-04-23

▶

CVEList

CVE-2012-0334: Cisco IronPort Web Security Appliance AsyncOS software prior to 7↗2020-01-15

▶

📋Vendor Advisories

Cisco

Cisco IronPort Web Security Appliance AsyncOS SSL Certificate Caching Vulnerability↗2012-04-12

▶