
CVE-2015-6358

Published: 12/10/2017 Updated: 03/11/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote malicious users to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Vulnerable Product

cisco rv320_firmware

cisco rv325_firmware

cisco rvs4000_firmware

cisco wrv210_firmware

cisco wap4410n_firmware

cisco wrv200_firmware 1.0.39

cisco wrvs4400n_firmware

cisco wap200_firmware

cisco wvc2300_firmware

cisco pvc2300_firmware

cisco srw224p_firmware

cisco wet200_firmware

cisco wap2000_firmware

cisco wap4400n_firmware

cisco rv120w_firmware

cisco rv180_firmware

cisco rv180w_firmware

cisco rv315w_firmware

cisco srp520_firmware

cisco srp520-u_firmware

cisco wrp500_firmware

cisco spa400_firmware

cisco rtp300_firmware

cisco rv220w_firmware

Vendor Advisories

A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device. The vulnerability is due to the lack of unique key and certificate generation within affected appliances. An attacker coul ...