Blue Coat Unified Agent < 126.96.36.199952 Certificate Validation MitM
Severity: High
Nessus Plugin ID: 93402
Synopsis: An application installed on the remote host is affected by a man-in-the-middle vulnerability.
Description: The version of Blue Coat Unified Agent installed on the remote Windows host is prior to 188.8.131.52952. It is, therefore, affected by a man-in-the-middle (MitM) vulnerability due to improper validation of the Client Manager certificate. A MitM attacker can exploit this, via a specially crafted certificate, to spoof ProxySG Client Managers, allowing the attacker to modify configurations and execute arbitrary software updates.
Solution: Upgrade to Blue Coat Unified Agent version 184.108.40.206952 or later.