Vulnerabilities > CVE-2010-2306 - Configuration vulnerability in Sourcefire products
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Hardware | 4 |
Common Weakness Enumeration (CWE)
References
- http://www.zerodayinitiative.com/advisories/ZDI-10-107/
- http://www.securitytracker.com/id?1024092
- http://osvdb.org/65470
- http://www.vupen.com/english/advisories/2010/1438
- http://secunia.com/advisories/40143
- https://support.sourcefire.com/notices/notice/1437
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59380
- http://www.securityfocus.com/archive/1/511792/100/0/threaded