CVE-2015-6358

Published: 12/10/2017 Updated: 03/11/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote malicious users to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco rv320 firmware
cisco rv325 firmware
cisco rvs4000 firmware
cisco wrv210 firmware
cisco wap4410n firmware
cisco wrv200 firmware 1.0.39
cisco wrvs4400n firmware
cisco wap200 firmware
cisco wvc2300 firmware
cisco pvc2300 firmware
cisco srw224p firmware
cisco wet200 firmware
cisco wap2000 firmware
cisco wap4400n firmware
cisco rv120w firmware
cisco rv180 firmware
cisco rv180w firmware
cisco rv315w firmware
cisco srp520 firmware
cisco srp520-u firmware
cisco wrp500 firmware
cisco spa400 firmware
cisco rtp300 firmware
cisco rv220w firmware

A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device The vulnerability is due to the lack of unique key and certificate generation within affected appliances An attacker coul ...

CWE-295 http://www.securitytracker.com/id/1034258 http://www.securitytracker.com/id/1034257 http://www.securitytracker.com/id/1034256 http://www.securitytracker.com/id/1034255 http://www.securityfocus.com/bid/78047 http://www.kb.cert.org/vuls/id/566724 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci https://www.kb.cert.org/vuls/id/566724

CVE-2015-6358

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect