CVE-2012-1316 β€” Improper Certificate Validation in Cisco Ironport WEB Security Appliance

CWE-295 β€” Improper Certificate Validation3 documents3 sources
Severity
5.9MEDIUMNVD
EPSS
0.2%
top 57.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Ironport WEB Security Appliance
Timeline
PublishedJan 15
Latest updateApr 23

Description

Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages1 packages

β–ΆCVEListV5cisco/ironport_web_security_appliancethrough at least 2012-04-11

πŸ”΄Vulnerability Details

2
GHSA
GHSA-mp65-95xh-r2ch: Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks↗2022-04-23
β–Ά
CVEList
CVE-2012-1316: Cisco IronPort Web Security Appliance does not check for certificate revocation which could lead to MITM attacks↗2020-01-15
β–Ά
CVE-2012-1316 β€” Improper Certificate Validation | cvebase