Vulnerability CVE-2015-6358


Published: 2017-10-12

Description:
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

 References:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
http://www.kb.cert.org/vuls/id/566724
http://www.securityfocus.com/bid/78047
http://www.securitytracker.com/id/1034255
http://www.securitytracker.com/id/1034256
http://www.securitytracker.com/id/1034257
http://www.securitytracker.com/id/1034258

Copyright 2017, cxsecurity.com

 

Back to Top