CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
71.5%
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | rv320_firmware | * | cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:* |
cisco | rv320 | - | cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:* |
cisco | rv325_firmware | * | cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:* |
cisco | rv325 | - | cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:* |
cisco | rvs4000_firmware | * | cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:* |
cisco | rvs4000 | - | cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:* |
cisco | wrv210_firmware | * | cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:* |
cisco | wrv210 | - | cpe:2.3:h:cisco:wrv210:-:*:*:*:*:*:*:* |
cisco | wap4410n_firmware | * | cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:* |
cisco | wap4410n | - | cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:* |
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
71.5%