CVE-2015-6358

EPSS 1.97%
Veröffentlicht 12.10.2017 15:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle psirt@cisco.com
Teams Watchlist Login
Unerledigt Login

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cisco ≫ Rv320 Firmware Version <= 1.3.1.10

Cisco ≫ Rv320 Version-

Cisco ≫ Rv325 Firmware Version <= 1.3.1.10

Cisco ≫ Rv325 Version-

Cisco ≫ Rvs4000 Firmware Version <= 2.0.3.4

Cisco ≫ Rvs4000 Version-

Cisco ≫ Wrv210 Firmware Version <= 2.0.1.5

Cisco ≫ Wrv210 Version-

Cisco ≫ Wap4410n Firmware Version <= 2.0.7.8

Cisco ≫ Wap4410n Version-

Cisco ≫ Wrv200 Firmware Version1.0.39

Cisco ≫ Wrv200 Version-

Cisco ≫ Wrvs4400n Firmware Version <= 2.0.2.2

Cisco ≫ Wrvs4400n Version-

Cisco ≫ Wap200 Firmware Version <= 2.0.6.0

Cisco ≫ Wap200 Version-

Cisco ≫ Wvc2300 Firmware Version <= 1.1.2.6

Cisco ≫ Wvc2300 Version-

Cisco ≫ Pvc2300 Firmware Version <= 1.1.2.6

Cisco ≫ Pvc2300 Version-

Cisco ≫ Srw224p Firmware Version <= 2.0.2.4

Cisco ≫ Srw224p Version-

Cisco ≫ Wet200 Firmware Version <= 2.0.8.0

Cisco ≫ Wet200 Version-

Cisco ≫ Wap2000 Firmware Version <= 2.0.8.0

Cisco ≫ Wap2000 Version-

Cisco ≫ Wap4400n Firmware Version <= -

Cisco ≫ Wap4400n Version-

Cisco ≫ Rv120w Firmware Version <= 1.0.5.9

Cisco ≫ Rv120w Version-

Cisco ≫ Rv180 Firmware Version <= 1.0.5.4

Cisco ≫ Rv180 Version-

Cisco ≫ Rv180w Firmware Version <= 1.0.5.4

Cisco ≫ Rv180w Version-

Cisco ≫ Rv315w Firmware Version <= 1.01.03

Cisco ≫ Rv315w Version-

Cisco ≫ Srp520 Firmware Version <= 1.01.29

Cisco ≫ Srp520 Version-

Cisco ≫ Srp520-u Firmware Version <= 1.2.6

Cisco ≫ Srp520-u Version-

Cisco ≫ Wrp500 Firmware Version <= 1.0.1.002

Cisco ≫ Wrp500 Version-

Cisco ≫ Spa400 Firmware Version <= 1.1.2.2

Cisco ≫ Spa400 Version-

Cisco ≫ Rtp300 Firmware Version <= 3.1.24

Cisco ≫ Rtp300 Version-

Cisco ≫ Rv220w Firmware Version <= 1.0.4.17

Cisco ≫ Rv220w Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.97%	0.825

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

http://www.kb.cert.org/vuls/id/566724

Third Party Advisory

US Government Resource

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci

Patch

Vendor Advisory

Issue Tracking

http://www.securityfocus.com/bid/78047

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034255

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034256

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034257

Third Party Advisory

VDB Entry

http://www.securitytracker.com/id/1034258

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2015-6358

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-6358

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-6358

EUVD