CVE-2012-1326 — Improper Input Validation in Cisco Ironport WEB Security Appliance

CWE-20 — Improper Input Validation4 documents4 sources

Severity

7.4HIGHNVD

EPSS

0.1%

top 66.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Ironport WEB Security Appliance

Timeline

PublishedJan 15

Latest updateApr 23

Description

Cisco IronPort Web Security Appliance up to and including 7.5 does not validate the basic constraints of the certificate authority which could lead to MITM attacks

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 2.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5cisco/ironport_web_security_appliance7.5

▶NVDcisco/ironport_web_security_appliance7.5

🔴Vulnerability Details

GHSA

GHSA-w257-7vc6-7c8q: Cisco IronPort Web Security Appliance up to and including 7↗2022-04-23

▶

CVEList

CVE-2012-1326: Cisco IronPort Web Security Appliance up to and including 7↗2020-01-15

▶

📋Vendor Advisories

Cisco

Cisco IronPort Web Security Appliance basicConstraints Parameter Processing Man-in-the-Middle Vulnerability↗2012-04-12

▶