Vulnerability CVE-2015-6358


Published: 2017-10-12

Description:
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software:
Cisco -> Wap200 firmware 
Cisco -> Pvc2300 firmware 
Cisco -> Wap4400n firmware 
Cisco -> Rtp300 firmware 
Cisco -> Wap4410n firmware 
Cisco -> Rv120w firmware 
Cisco -> Wet200 firmware 
Cisco -> Rv180 firmware 
Cisco -> Wrp500 firmware 
Cisco -> Rv180w firmware 
Cisco -> Wrv200 firmware 
Cisco -> Rv220w firmware 
Cisco -> Wrv210 firmware 
Cisco -> Rv315w firmware 
Cisco -> Wrvs4400n firmware 
Cisco -> Rv320 firmware 
Cisco -> Wvc2300 firmware 
Cisco -> Rv325 firmware 
Cisco -> Rvs4000 firmware 
Cisco -> Spa400 firmware 
Cisco -> Srp520-u firmware 
Cisco -> Srp520 firmware 
Cisco -> Srw224p firmware 
Cisco -> Wap2000 firmware 

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
http://www.kb.cert.org/vuls/id/566724
http://www.securityfocus.com/bid/78047
http://www.securitytracker.com/id/1034255
http://www.securitytracker.com/id/1034256
http://www.securitytracker.com/id/1034257
http://www.securitytracker.com/id/1034258
