Blue Coat ProxyClient < 188.8.131.52 / 3.4.x < 184.108.40.206 Certificate Validation MitM
High Nessus Plugin ID 93401
Synopsis
An application installed on the remote host is affected by a man-in-the-middle vulnerability.

Description
The version of Blue Coat ProxyClient installed on the remote Windows host is either prior to 220.127.116.11 or is 3.4.x prior to 18.104.22.168. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to improper validation of the Client Manager certificate. A MitM attacker can exploit this, via a specially crafted certificate, to spoof ProxySG Client Managers, allowing the attacker to modify configurations and execute arbitrary software updates.

Solution
Upgrade to Blue Coat ProxyClient version 22.214.171.124 / 126.96.36.199 or later.