Last week, a user in Jordan reported seeing a fake certificate for torproject.org. The certificate was issued by a company called Cyberoam. The user’s connection was actually being intercepted by one of their DPI devices. All such devices share the same CA certificate and hence the same private key. It is possible to intercept traffic from any victim with any other DPI device – or to extract the key from the device and import it into other devices and use those for interception. Users with the Tor Browser Bundle are not affected.”]
Source: https://blog.torproject.org/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372