- Description
- The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 4.9
- Exploitability score
- 5.5
- Vector string
- AV:A/AC:M/Au:N/C:P/I:P/A:N
- nvd@nist.gov
- CWE-16
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sourcefire:3d1000:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "436CD187-D7EE-4510-8E69-928E5AA60652"
},
{
"criteria": "cpe:2.3:h:sourcefire:3d2000:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "96BD8C30-7CE0-4A10-A584-D536A0516464"
},
{
"criteria": "cpe:2.3:h:sourcefire:3d9900:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43A19CAD-5467-4C22-8D36-BC13619C3BF3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:sourcefire:dc1000:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "376A9BCB-5559-4F6A-9188-A8C457214527"
}
],
"operator": "OR"
}
]
}
]