Vulnerabilities > CVE-2015-1454 - Cryptographic Issues vulnerability in Bluecoat Proxyclient and Unified Agent

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and Unified Agent before 4.1.3.151952 does not properly validate certain certificates, which allows man-in-the-middle attackers to spoof ProxySG Client Managers, and consequently modify configurations and execute arbitrary software updates, via a crafted certificate.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL family: Windows
    NASL id: BLUECOAT_PROXYCLIENT_3_4_4_10.NASL
    description: The version of Blue Coat ProxyClient installed on the remote Windows host is either prior to 3.3.3.3 or is 3.4.x prior to 3.4.4.10. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to improper validation of the Client Manager certificate. A MitM attacker can exploit this, via a specially crafted certificate, to spoof ProxySG Client Managers, allowing the attacker to modify configurations and execute arbitrary software updates.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93401
    published: 2016-09-09
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93401
    title: Blue Coat ProxyClient < 3.3.3.3 / 3.4.x < 3.4.4.10 Certificate Validation MitM
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when the scanner loads this plugin with `description`
    # set, only the metadata below is recorded and the script exits (exit(0) at
    # the end of the block) before any host check runs.
    if (description)
    {
      script_id(93401);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/14");
    
      # Advisory identifiers this check is mapped to.
      script_cve_id("CVE-2015-1454");
      script_bugtraq_id(73150);
      script_xref(name:"IAVA", value:"2016-A-0227");
    
      script_name(english:"Blue Coat ProxyClient < 3.3.3.3 / 3.4.x < 3.4.4.10 Certificate Validation MitM");
      script_summary(english:"Checks the version of ProxyClient.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by a
    man-in-the-middle vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Blue Coat ProxyClient installed on the remote Windows
    host is either prior to 3.3.3.3 or is 3.4.x prior to 3.4.4.10. It is,
    therefore, affected by a man-in-the-middle (MitM) vulnerability due to
    improper validation of the Client Manager certificate. A MitM attacker
    can exploit this, via a specially crafted certificate, to spoof
    ProxySG Client Managers, allowing the attacker to modify
    configurations and execute arbitrary software updates.");
      script_set_attribute(attribute:"see_also", value:"https://bto.bluecoat.com/security-advisory/sa89");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Blue Coat ProxyClient version 3.3.3.3 / 3.4.4.10 or later.");
      # NOTE(review): the two base vectors disagree on impact. CVSS v2 rates
      # integrity only (C:N/I:C/A:N); CVSS v3 rates C, I and A all High. AC:M /
      # AC:H match the man-in-the-middle position named in the description.
      # Check the vendor advisory before using either score for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1454");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/09");
    
      # "local": the verdict comes from the installed version recorded for the
      # host, not from exercising certificate validation over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:bluecoat:proxyclient");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The install-detection plugin has to run first; the check itself is
      # gated on the installed_sw key named below.
      script_dependencies("bluecoat_proxyclient_installed.nbin");
      script_require_keys("installed_sw/Blue Coat Systems ProxyClient");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
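    # Host check: compare the ProxyClient version recorded by the install
    # detection plugin with the first fixed release of its branch. This is a
    # version comparison only; it does not exercise the certificate validation
    # path, so the result is only as accurate as the recorded version.
    app = 'Blue Coat Systems ProxyClient';
    
    # Pull the installation information from the KB.
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    path = install['path'];
    version = install['version'];
    
    # 3.4.x installs are measured against 3.4.4.10; every other version is
    # measured against 3.3.3.3.
    if (version =~ '^3\\.4\\.')
      fix = '3.4.4.10';
    else
      fix = '3.3.3.3';
    
    if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
    {
      # Attach the finding to the SMB transport port recorded in the KB, or to
      # 445 when none was recorded.
      port = get_kb_item("SMB/transport");
      if (isnull(port))
        port = 445;
    
      items = make_array("Installed version", version,
                         "Fixed version", fix,
                         "Path", path
                        );
    
      order = make_list("Path", "Installed version", "Fixed version");
      report = report_items_str(report_items:items, ordered_fields:order);
    
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    
    }
    else
    {
      # The INST_PATH audit message identifies the install by location, so hand
      # it the path as well; the original call passed only app and version,
      # which leaves the location out of the "not affected" audit trail entry.
      audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
    }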
    
  • NASL family: Windows
    NASL id: BLUECOAT_UNIFIED_AGENT_4_1_3_151952.NASL
    description: The version of Blue Coat Unified Agent installed on the remote Windows host is prior to 4.1.3.151952. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to improper validation of the Client Manager certificate. A MitM attacker can exploit this, via a specially crafted certificate, to spoof ProxySG Client Managers, allowing the attacker to modify configurations and execute arbitrary software updates.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93402
    published: 2016-09-09
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93402
    title: Blue Coat Unified Agent < 4.1.3.151952 Certificate Validation MitM
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration phase: when the scanner loads this plugin with `description`
    # set, only the metadata below is recorded and the script exits (exit(0) at
    # the end of the block) before any host check runs.
    if (description)
    {
      script_id(93402);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/14");
    
      # Advisory identifiers this check is mapped to.
      script_cve_id("CVE-2015-1454");
      script_bugtraq_id(73150);
      script_xref(name:"IAVA", value:"2016-A-0227");
    
      script_name(english:"Blue Coat Unified Agent < 4.1.3.151952 Certificate Validation MitM");
      script_summary(english:"Checks the version of Unified Agent.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by a
    man-in-the-middle vulnerability.");
      script_set_attribute(attribute:"description", value:
    "The version of Blue Coat Unified Agent installed on the remote Windows
    host is prior to 4.1.3.151952. It is, therefore, affected by a
    man-in-the-middle (MitM) vulnerability due to improper validation of
    the Client Manager certificate. A MitM attacker can exploit this, via
    a specially crafted certificate, to spoof ProxySG Client Managers,
    allowing the attacker to modify configurations and execute arbitrary
    software updates.");
      script_set_attribute(attribute:"see_also", value:"https://bto.bluecoat.com/security-advisory/sa89");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Blue Coat Unified Agent version 4.1.3.151952 or later.");
      # NOTE(review): the two base vectors disagree on impact. CVSS v2 rates
      # integrity only (C:N/I:C/A:N); CVSS v3 rates C, I and A all High. AC:M /
      # AC:H match the man-in-the-middle position named in the description.
      # Check the vendor advisory before using either score for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1454");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/09");
    
      # "local": the verdict comes from the installed version recorded for the
      # host, not from exercising certificate validation over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:bluecoat:unified_agent");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Windows");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The install-detection plugin has to run first; the check itself is
      # gated on the installed_sw key named below.
      script_dependencies("bluecoat_unified_agent_installed.nbin");
      script_require_keys("installed_sw/Blue Coat Systems Unified Agent");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
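    # Host check: compare the Unified Agent version recorded by the install
    # detection plugin with the fixed release. This is a version comparison
    # only; it does not exercise the certificate validation path, so the result
    # is only as accurate as the recorded version.
    app = 'Blue Coat Systems Unified Agent';
    
    # Pull the installation information from the KB.
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    path = install['path'];
    version = install['version'];
    
    # Single fixed release for Unified Agent.
    fix = '4.1.3.151952';
    
    if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
    {
      # Attach the finding to the SMB transport port recorded in the KB, or to
      # 445 when none was recorded.
      port = get_kb_item("SMB/transport");
      if (isnull(port))
        port = 445;
    
      items = make_array("Installed version", version,
                         "Fixed version", fix,
                         "Path", path
                        );
    
      order = make_list("Path", "Installed version", "Fixed version");
      report = report_items_str(report_items:items, ordered_fields:order);
    
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    
    }
    else
    {
      # The INST_PATH audit message identifies the install by location, so hand
      # it the path as well; the original call passed only app and version,
      # which leaves the location out of the "not affected" audit trail entry.
      audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
    }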
    
  • NASL family: MacOS X Local Security Checks
    NASL id: MACOSX_BLUECOAT_PROXYCLIENT_3_4_4_10.NASL
    description: The version of Blue Coat ProxyClient installed on the remote Windows host is either prior to 3.3.3.3 or is 3.4.x prior to 3.4.4.10. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to improper validation of the Client Manager certificate. A MitM attacker can exploit this, via a specially crafted certificate, to spoof ProxySG Client Managers, allowing the attacker to modify configurations and execute arbitrary software updates.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 93404
    published: 2016-09-09
    reporter: This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/93404
    title: Blue Coat ProxyClient < 3.3.3.3 / 3.4.x < 3.4.4.10 Certificate Validation MitM
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
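    # Registration phase: when the scanner loads this plugin with `description`
    # set, only the metadata below is recorded and the script exits (exit(0) at
    # the end of the block) before any host check runs.
    if (description)
    {
      script_id(93404);
      script_version("1.6");
      script_cvs_date("Date: 2019/11/14");
    
      # Advisory identifiers this check is mapped to.
      script_cve_id("CVE-2015-1454");
      script_bugtraq_id(73150);
      script_xref(name:"IAVA", value:"2016-A-0227");
    
      script_name(english:"Blue Coat ProxyClient < 3.3.3.3 / 3.4.x < 3.4.4.10 Certificate Validation MitM");
      script_summary(english:"Checks the version of ProxyClient.");
    
      script_set_attribute(attribute:"synopsis", value:
    "An application installed on the remote host is affected by a
    man-in-the-middle vulnerability.");
      # This plugin is registered in the "MacOS X Local Security Checks" family,
      # so the description names a Mac OS X host; the original text said
      # "Windows", which mislabels the affected platform in scan reports.
      script_set_attribute(attribute:"description", value:
    "The version of Blue Coat ProxyClient installed on the remote Mac OS X
    host is either prior to 3.3.3.3 or is 3.4.x prior to 3.4.4.10. It is,
    therefore, affected by a man-in-the-middle (MitM) vulnerability due to
    improper validation of the Client Manager certificate. A MitM attacker
    can exploit this, via a specially crafted certificate, to spoof
    ProxySG Client Managers, allowing the attacker to modify
    configurations and execute arbitrary software updates.");
      script_set_attribute(attribute:"see_also", value:"https://bto.bluecoat.com/security-advisory/sa89");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to Blue Coat ProxyClient version 3.3.3.3 / 3.4.4.10 or later.");
      # NOTE(review): the two base vectors disagree on impact. CVSS v2 rates
      # integrity only (C:N/I:C/A:N); CVSS v3 rates C, I and A all High. AC:M /
      # AC:H match the man-in-the-middle position named in the description.
      # Check the vendor advisory before using either score for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:C/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-1454");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2015/01/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/09/09");
    
      # "local": the verdict comes from the installed version recorded for the
      # host, not from exercising certificate validation over the network.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:bluecoat:proxyclient");
      script_set_attribute(attribute:"stig_severity", value:"I");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"MacOS X Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2016-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The install-detection plugin has to run first; the check itself is
      # gated on the installed_sw key named below.
      script_dependencies("macosx_bluecoat_proxyclient_installed.nbin");
      script_require_keys("installed_sw/ProxyClientUI");
    
      exit(0);
    }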
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("install_func.inc");
    
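    # Host check (Mac OS X): compare the ProxyClient version recorded by the
    # install detection plugin with the first fixed release of its branch.
    # This is a version comparison only; it does not exercise the certificate
    # validation path, so the result is only as accurate as the recorded
    # version.
    app = 'ProxyClientUI';
    
    # Pull the installation information from the KB.
    install = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);
    
    path = install['path'];
    version = install['version'];
    
    # 3.4.x installs are measured against 3.4.4.10; every other version is
    # measured against 3.3.3.3.
    if (version =~ '^3\\.4\\.')
      fix = '3.4.4.10';
    else
      fix = '3.3.3.3';
    
    if (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)
    {
      # This is a Mac OS X local check, so the finding is not tied to a
      # network service. The original looked up "SMB/transport" and fell back
      # to 445, which attributes the result to an SMB port in the scan report;
      # port 0 is the host-level slot used for local findings.
      port = 0;
    
      items = make_array("Installed version", version,
                         "Fixed version", fix,
                         "Path", path
                        );
    
      order = make_list("Path", "Installed version", "Fixed version");
      report = report_items_str(report_items:items, ordered_fields:order);
    
      security_report_v4(port:port, extra:report, severity:SECURITY_HOLE);
      exit(0);
    
    }
    else
    {
      # The INST_PATH audit message identifies the install by location, so hand
      # it the path as well; the original call passed only app and version,
      # which leaves the location out of the "not affected" audit trail entry.
      audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);
    }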