Vulnerability Spotlight: SNIProxy contains remote code execution vulnerability

Keane O’Kelley of Cisco ASIG discovered this vulnerability.

Cisco ASIG recently discovered a remote code execution vulnerability in the SNIProxy open-source tool that occurs when the user utilizes wildcard backend hosts.

SNIProxy proxies incoming HTTP and TLS connections based on the hostname contained in the initial request of the TCP session. This open-source tool allows for users to carry out name-based proxying of HTTPS without decrypting traffic or needing a key or certificate.

Talos discovered a remote code execution vulnerability …

backend certificate cisco code code execution connections cve http https key name proxies proxying remote code remote code execution request session spotlight talos tcp tls tool traffic vulnerability vulnerability spotlight