CVE-2010-2306

Summary

CVE	CVE-2010-2306
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-06-16 20:30:00 UTC
Updated	2018-10-10 19:59:00 UTC
Description	The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; and Defense Center 1000; uses the same static, private SSL keys for multiple devices and installations, which allows remote attackers to decrypt SSL traffic via a man-in-the-middle (MITM) attack.

Risk And Classification

Problem Types: CWE-16

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Hardware	Sourcefire	3d1000	All	All	All	All
Hardware	Sourcefire	3d1000	All	All	All	All
Hardware	Sourcefire	3d2000	All	All	All	All
Hardware	Sourcefire	3d2000	All	All	All	All
Hardware	Sourcefire	3d9900	All	All	All	All
Hardware	Sourcefire	3d9900	All	All	All	All
Hardware	Sourcefire	Dc1000	All	All	All	All
Hardware	Sourcefire	Dc1000	All	All	All	All

References

Reference	Source	Link	Tags
SecurityTracker.com Archives - Sourcefire 3D Sensor and Defense Center Use Common Private SSL Keys	SECTRACK	www.securitytracker.com
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH	VUPEN	www.vupen.com	Vendor Advisory
IBM X-Force Exchange	XF	exchange.xforce.ibmcloud.com
Sourcefire 3D SSL Keys Security Issue - Advisories - Community	SECUNIA	secunia.com	Vendor Advisory
The page you were looking for doesn't exist (404)	MISC	support.sourcefire.com
SecurityFocus	BUGTRAQ	www.securityfocus.com
Zero Day Initiative	MISC	www.zerodayinitiative.com
65470	OSVDB	osvdb.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.