CVE-2015-4288

Published: Jul 29, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The LDAP implementation on the Cisco Web Security Appliance (WSA) 8.5.0-000, Email Security Appliance (ESA) 8.5.7-042, and Content Security Management Appliance (SMA) 8.3.6-048 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate, aka Bug IDs CSCuo29561, CSCuv40466, and CSCuv40470.

Affected (3)

Products: Cisco: Web Security Appliance, Email Security Appliance, Content Security Management Appliance

3 products

Web Security Appliance

Email Security Appliance

Content Security Management Appliance

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Web Security Appliance	Version 8.5.0-000

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Email Security Appliance	Version 8.5.7-042

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Cisco Content Security Management Appliance	Version 8.3.6-048

Related CWEs

References (2)

http://tools.cisco.com/security/center/viewAlert.x?alertId=40137

Source: psirt@cisco.com

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=40137

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.