Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2015-6358

A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device. The vulnerability is due to the lack of unique key and certificate generation within affected appliances. An attacker could exploit this vulnerability by using the static information to conduct man-in-the-middle attacks to decrypt confidential information on user connections. This is an attack on the client attempting to access the device and does not compromise the device itself. To exploit the issue, an attacker needs not only the public and private key pair, but also a privileged position in the network that would allow the attacker to monitor the traffic between client and server, intercept the traffic, and modify or inject the attacker's own traffic. There are no workarounds that address this vulnerability. Cisco has not released software updates that address this vulnerability. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci

Source

Summary

A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device.

The vulnerability is due to the lack of unique key and certificate generation within affected appliances. An attacker could exploit this vulnerability by using the static information to conduct man-in-the-middle attacks to decrypt confidential information on user connections.

This is an attack on the client attempting to access the device and does not compromise the device itself. To exploit the issue, an attacker needs not only the public and private key pair, but also a privileged position in the network that would allow the attacker to monitor the traffic between client and server, intercept the traffic, and modify or inject the attacker's own traffic. There are no workarounds that address this vulnerability.

Cisco has not released software updates that address this vulnerability.

This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci

Affected Products

Vulnerable Products
The following products are vulnerable:

RV320 Dual Gigabit WAN VPN Router

RV325 Dual Gigabit WAN VPN Router

RVS4000 4-port Gigabit Security Router - VPN

WRV210 Wireless-G VPN Router - RangeBooster

WAP4410N Wireless-N Access Point - PoE/Advanced Security

WRV200 Wireless-G VPN Router - RangeBooster

WRVS4400N Wireless-N Gigabit Security Router - VPN V2.0

WAP200 Wireless-G Access Point - PoE/Rangebooster

WVC2300 Wireless-G Business Internet Video Camera - Audio

PVC2300 Business Internet Video Camera - Audio/PoE

SRW224P 24-port 10/100 + 2-port Gigabit Switch - WebView/PoE

WET200 Wireless-G Business Ethernet Bridge

WAP2000 Wireless-G Access Point - PoE

WAP4400N Wireless-N Access Point - PoE

RV120W Wireless-N VPN Firewall

RV180 VPN Router

RV180W Wireless-N Multifunction VPN Router

RV315W Wireless-N VPN Router

Small Business SRP520 Models

Small Business SRP520-U Models

WRP500 Wireless-AC Broadband Router with 2 Phone Ports

SPA400 Internet Telephony Gateway with 4 FXO Ports

RTP300 Broadband Router

RV220W Wireless Network Security Firewall
Products Confirmed Not Vulnerable

No other Cisco products are currently known to be affected by this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. As a mitigation, customers may want to restrict access to the device's administrative interfaces over SSH and HTTPS to a known, trusted subset of IP addresses.

Fixed Software

Cisco provides information about fixed software in Cisco bugs, which are accessible through the Cisco Bug Search Tool.

When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.

In all cases, customers should ensure that the devices to upgrade contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

• RV320 Dual Gigabit WAN VPN Router: Firmware version 1.3.1.12 available
• RV325 Dual Gigabit WAN VPN Router: Firmware version 1.3.1.12 available
• RVS4000 4-port Gigabit Security Router - VPN: No fix will be provided
• WRV210 Wireless-G VPN Router - RangeBooster: No fix will be provided
• WAP4410N Wireless-N Access Point - PoE/Advanced Security: No fix will be provided
• WRV200 Wireless-G VPN Router - RangeBooster: No fix will be provided
• WRVS4400N Wireless-N Gigabit Security Router - VPN V2.0: No fix will be provided
• WAP200 Wireless-G Access Point - PoE/Rangebooster: No fix will be provided
• WVC2300 Wireless-G Business Internet Video Camera - Audio: No fix will be provided
• PVC2300 Business Internet Video Camera - Audio/PoE: No fix will be provided
• SRW224P 24-port 10/100 + 2-port Gigabit Switch - WebView/PoE: No fix will be provided
• WET200 Wireless-G Business Ethernet Bridge: No fix will be provided
• WAP2000 Wireless-G Access Point - PoE: No fix will be provided
• WAP4400N Wireless-N Access Point - PoE: No fix will be provided
• RV120W Wireless-N VPN Firewall: No fix will be provided
• RV180 VPN Router: No fix will be provided: No fix will be provided
• RV180W Wireless-N Multifunction VPN Router: No fix will be provided
• RV315W Wireless-N VPN Router: No fix will be provided
• Small Business SRP520 Models: No fix will be provided
• Small Business SRP520-U Models: No fix will be provided
• WRP500 Wireless-AC Broadband Router: Fix resolved in an Engineering Special (ES). Cisco TAC should be contacted for further information.
• SPA400 Internet Telephony Gateway with 4 FXO Ports: No fix will be provided
• RTP300 Broadband Router: No fix will be provided
• RV220W Wireless Network Security Firewall: No fix will be provided

Exploitation and Public Announcements

The Cisco Product Security Incident Response Team (PSIRT) is aware the vulnerability described in this advisory has been publicly disclosed by Stefan Viehböck from SEC Consult Vulnerability Lab. The Cisco PSIRT is not aware of any malicious exploitation of this vulnerability.

Source

Cisco would like to thank Stefan Viehböck from SEC Consult Vulnerability Lab for discovering and reporting this vulnerability.

Cisco Security Vulnerability Policy

To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.

Subscribe to Cisco Security Notifications

Subscribe

URL

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci

Revision History

Version	Description	Section	Status	Date
1.4	Updated Fixed Software to include information on an Engineering Special (ES).	Fixed Software	Final	2016-September-20
1.3	Updated Fixed Software to include information on new software updates.	Fixed Software	Final	2016-September-13
1.2	Updated the affected products to indicate when fixes will be made available.	Affected Products	Final	2016-January-21
1.1	Updated the Summary, Exploitation and Public Announcements, and Workarounds sections to clarify the details.	Summary, Exploitation and Public Announcements, Workarounds.	Final	2015-November-26
1.0	Initial public release	-	Final	2015-November-25

Show Complete History...

Legal Disclaimer

THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.

A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.

Feedback

Leave additional feedback

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability

Summary

Affected Products

Vulnerable Products

Products Confirmed Not Vulnerable

Workarounds

Fixed Software

Exploitation and Public Announcements

Source

Cisco Security Vulnerability Policy

Subscribe to Cisco Security Notifications

URL

Revision History

Legal Disclaimer

Feedback

Vulmon Search

About

Products

Connect