Cisco Bug: CSCuo29561 - WSA does not validate the SSL certificate of the LDAP server
Aug 06, 2018
- Cisco Web Security Appliance
Known Affected Releases
Symptom: A vulnerability in SSL certificate validation of Cisco WSA could allow an unauthenticated, remote attacker to stage successful man in the middle attack. The vulnerability is due to lack of SSL certificate validation for secure LDAP. An attacker could exploit this vulnerability by staging a man-in-the-middle attack when secure LDAP is enabled on an affected device. An exploit could allow the attacker to stage successful man in the middle attack. Conditions: secure LDAP is enabled on an affected device.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases