Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Blue Coat Fixes Several Flaws in SSL Visibility Appliance

Blue Coat has released a software update to address a total of four vulnerabilities affecting the web-based administration console (WebUI) of the company’s SSL Visibility Appliance.

Blue Coat has released a software update to address a total of four vulnerabilities affecting the web-based administration console (WebUI) of the company’s SSL Visibility Appliance.

The Blue Coat SSL Visibility Appliance is an encrypted traffic management platform that provides organizations complete visibility into encrypted traffic. The WebUI, which allows customers to configure and manage the product, is accessible to authorized administrators through an HTTPS connection to the dedicated management port.Blue Coat SSL Visibility Appliance

Vulnerabilities in the WebUI were discovered by Tim MalcomVetter from FishNet Security, who recently identified several security bugs in HP Network Automation.

The first vulnerability is a cross-site request forgery (CVE-2015-2852) that can be exploited by a remote attacker to gain access to the WebUI and perform various actions on behalf of an administrator. For the attack to work, the malicious actor must trick an administrator into visiting a specially crafted website.

The SSL Visibility Appliance’s WebUI is also vulnerable to clickjacking attacks due to improper validation of the request origin (CVE-2015-2854). Because the product doesn’t enforce the same origin policy in X-Frame Options response headers, an attacker can gain access to the administration console by tricking the admin into visiting a malicious website. If the targeted user is not authenticated, the attacker can trick them into authenticating by using hidden iframes, Blue Coat said in its advisory.

The WebUI is also vulnerable to cookie theft (CVE-2015-2855) and session fixation (CVE-2015-2853).

An attacker capable of sniffing network traffic can steal or manipulate an administrator’s cookie because these cookies don’t have HttpOnly and Secure flags set. The stolen cookie can then be used to impersonate the administrator.

The session fixation bug allows an attacker to hijack a user’s session by obtaining a valid session ID. Session IDs, which are set prior to authentication, can be obtained by an attacker because they are not invalidated or changed after authentication.

“A remote attacker’s access is limited by the capabilities granted to the administrator. The attacker can only perform operations in the WebUI that the administrator could perform. The WebUI can be used to read and modify information such as configuration, audit logs, authorized users, and the health and status of the appliance. It can also can be used to reboot the appliance,” Blue Coat wrote in its advisory.

Advertisement. Scroll to continue reading.

The vulnerabilities affect Blue Coat SSL Visibility Appliance SV800, SV1800, SV2800 and SV3800 running versions 3.6.x through 3.8.3 of SSL Visibility. Blue Coat has addressed the bugs with the release of SSL Visibility 3.8.4. The company has noted that fixes are not being provided for versions 3.8.2f and 3.7.4.

According to Blue Coat, potential attacks can also be prevented by limiting access to the SSL Visibility management port to trusted clients, allowing only known IP addresses to access the management port, assigning distinct roles to different types of administrators, and using ProxySG and WebPulse to block access to malicious websites from clients.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.

Vulnerabilities

The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.