SynopsisThe remote device is potentially affected by multiple vulnerabilities.
DescriptionThe remote Blue Coat ProxySG device's SGOS self-reported version is 6.5 prior to 18.104.22.168 and, therefore, contains a bundled version of OpenSSL that contains multiple flaws. It is, therefore, potentially affected by the following vulnerabilities :
- An error exists in the function 'ssl3_read_bytes' that could allow data to be injected into other sessions or allow denial of service attacks. Note this issue is only exploitable if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2010-5298)
- An error exists in the function 'do_ssl3_write' that could allow a NULL pointer to be dereferenced leading to denial of service attacks. Note this issue is exploitable only if 'SSL_MODE_RELEASE_BUFFERS' is enabled. (CVE-2014-0198)
- An unspecified error exists that could allow an attacker to cause usage of weak keying material, leading to simplified man-in-the-middle attacks.
SolutionUpgrade to version 22.214.171.124 or later.