CVE-2015-6358

EUVD-2015-6300
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
ciscorv320_firmware
𝑥
≤ 1.3.1.10
ciscorv325_firmware
𝑥
≤ 1.3.1.10
ciscorvs4000_firmware
𝑥
≤ 2.0.3.4
ciscowrv210_firmware
𝑥
≤ 2.0.1.5
ciscowap4410n_firmware
𝑥
≤ 2.0.7.8
ciscowrv200_firmware
1.0.39
ciscowrvs4400n_firmware
𝑥
≤ 2.0.2.2
ciscowap200_firmware
𝑥
≤ 2.0.6.0
ciscowvc2300_firmware
𝑥
≤ 1.1.2.6
ciscopvc2300_firmware
𝑥
≤ 1.1.2.6
ciscosrw224p_firmware
𝑥
≤ 2.0.2.4
ciscowet200_firmware
𝑥
≤ 2.0.8.0
ciscowap2000_firmware
𝑥
≤ 2.0.8.0
ciscorv120w_firmware
𝑥
≤ 1.0.5.9
ciscorv180_firmware
𝑥
≤ 1.0.5.4
ciscorv180w_firmware
𝑥
≤ 1.0.5.4
ciscorv315w_firmware
𝑥
≤ 1.01.03
ciscosrp520_firmware
𝑥
≤ 1.01.29
ciscosrp520-u_firmware
𝑥
≤ 1.2.6
ciscowrp500_firmware
𝑥
≤ 1.0.1.002
ciscospa400_firmware
𝑥
≤ 1.1.2.2
ciscortp300_firmware
𝑥
≤ 3.1.24
ciscorv220w_firmware
𝑥
≤ 1.0.4.17
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
http://www.kb.cert.org/vuls/id/566724
http://www.securityfocus.com/bid/78047
http://www.securitytracker.com/id/1034255
http://www.securitytracker.com/id/1034256
http://www.securitytracker.com/id/1034257
http://www.securitytracker.com/id/1034258
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
http://www.kb.cert.org/vuls/id/566724
http://www.securityfocus.com/bid/78047
http://www.securitytracker.com/id/1034255
http://www.securitytracker.com/id/1034256
http://www.securitytracker.com/id/1034257
http://www.securitytracker.com/id/1034258