Published: 12/10/2017 Updated: 03/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote malicious users to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.
Vulnerable Product Search on Vulmon Subscribe to Product

cisco rv320_firmware

cisco rv325_firmware

cisco rvs4000_firmware

cisco wrv210_firmware

cisco wap4410n_firmware

cisco wrv200_firmware 1.0.39

cisco wrvs4400n_firmware

cisco wap200_firmware

cisco wvc2300_firmware

cisco pvc2300_firmware

cisco srw224p_firmware

cisco wet200_firmware

cisco wap2000_firmware

cisco wap4400n_firmware

cisco rv120w_firmware

cisco rv180_firmware

cisco rv180w_firmware

cisco rv315w_firmware

cisco srp520_firmware

cisco srp520-u_firmware

cisco wrp500_firmware

cisco spa400_firmware

cisco rtp300_firmware

cisco rv220w_firmware

Vendor Advisories

A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device The vulnerability is due to the lack of unique key and certificate generation within affected appliances An attacker coul ...