CVE Vulnerabilities

CVE-2010-2306

Published: Jun 16, 2010 | Modified: Oct 10, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4.3 MEDIUM
AV:A/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.

Affected Software

Name Vendor Start Version End Version
3d2000 Sourcefire * *
3d9900 Sourcefire * *
3d1000 Sourcefire * *

References