| CVE ID | |
| CVSS SCORE | 7.7, AV:A/AC:L/Au:S/C:C/I:C/A:C |
| AFFECTED VENDORS |
Sourcefire Sourcefire Sourcefire Sourcefire |
| AFFECTED PRODUCTS |
3D Sensor 1000 3D Sensor 2000 3D Sensor 9900 Defense Center 1000 |
| VULNERABILITY DETAILS |
This vulnerability allows remote attackers to decrypt secure socket layer (SSL) communications directed to multiple Sourcefire products. The specific flaw exists within the reuse of private SSL keys for multiple devices and installations. The keypair is stored in /etc/ssl/server.crt and /etc/ssl/server.key. Disclosure of the private key allows an attacker to decrypt and monitor SSL communications with the target. |
| ADDITIONAL DETAILS |
Mitigation of this problem can be accomplished by replacing the static keys with custom keys. These instructions can be found in the installation guide for your product (available on the Sourcefire support site). https://support.sourcefire.com/notices/notice/1437 |
| DISCLOSURE TIMELINE |
|
| CREDIT | Anonymous |
