Blue Coat ProxySG 6.2.x OpenSSL Security Bypass

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote device is potentially affected by a security bypass
vulnerability.

Description :

The remote Blue Coat ProxySG device's SGOS self-reported version is
6.2 prior to 6.2.15.6. It, therefore, contains a bundled version of
OpenSSL that has multiple flaws, meaning it is potentially affected by
an unspecified error that could allow an attacker to cause usage of
weak keying material leading to simplified man-in-the-middle attacks.

See also :

http://kb.bluecoat.com/index?page=content&id=SA80

Solution :

Upgrade to version 6.2.15.6 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Firewalls

Nessus Plugin ID: 76164 ()

Bugtraq ID: 67899

CVE ID: CVE-2014-0224