Lucene search

[email protected]CVE-2015-7256

HistorySep 28, 2017 - 1:29 a.m.

CVE-2015-7256

2017-09-2801:29:00

CWE-310

[email protected]

web.nvd.nist.gov

138

cve-2015-7256

zyxel

access points

dsl cpes

gpons

gateways

switches

x.509 certificates

ssh

security vulnerability

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI access points; P-660HN-51, P-663HN-51, VMG1312-B10A, VMG1312-B30A, VMG1312-B30B, VMG4380-B10A, VMG8324-B10A, VMG8924-B10A, VMG8924-B30A, and VSG1435-B101 DSL CPEs; PMG5318-B20A GPONs; SBG3300-N000, SBG3300-NB00, and SBG3500-N000 small business gateways; GS1900-8 and GS1900-24 switches; and C1000Z, Q1000, FR1000Z, and P8702N project models use non-unique X.509 certificates and SSH host keys.

Affected configurations

NVD

Node

zyxelnwa1100-n_firmwareMatch-

AND

zyxelnwa1100-nMatch-

Node

zyxelnwa1100-nh_firmwareMatch-

AND

zyxelnwa1100-nhMatch-

Node

zyxelnwa1121-ni_firmwareMatch-

AND

zyxelnwa1121-niMatch-

Node

zyxelnwa1123-ac_firmwareMatch-

AND

zyxelnwa1123-acMatch-

Node

zyxelnwa1123-ni_firmwareMatch-

AND

zyxelnwa1123-niMatch-

Node

zyxelp-660hn-51_firmwareMatch-

AND

zyxelp-660hn-51Match-

Node

zyxelp-663hn-51_firmwareMatch-

AND

zyxelp-663hn-51Match-

Node

zyxelvmg1312-b10a_firmwareMatch-

AND

zyxelvmg1312-b10aMatch-

Node

zyxelvmg1312-b30a_firmwareMatch-

AND

zyxelvmg1312-b30aMatch-

Node

zyxelvmg1312-b30b_firmwareMatch-

AND

zyxelvmg1312-b30bMatch-

Node

zyxelvmg4380-b10a_firmwareMatch-

AND

zyxelvmg4380-b10aMatch-

Node

zyxelvmg8324-b10a_firmwareMatch-

AND

zyxelvmg8324-b10aMatch-

Node

zyxelvmg8924-b10a_firmwareMatch-

AND

zyxelvmg8924-b10aMatch-

Node

zyxelvmg8924-b30a_firmwareMatch-

AND

zyxelvmg8924-b30aMatch-

Node

zyxelvsg1435-b101_firmwareMatch-

AND

zyxelvsg1435-b101Match-

Node

zyxelpmg5318-b20a_firmwareMatch-

AND

zyxelpmg5318-b20aMatch-

Node

zyxelsbg3300-n000_firmwareMatch-

AND

zyxelsbg3300-n000Match-

Node

zyxelsbg3300-nb00_firmwareMatch-

AND

zyxelsbg3300-nb00Match-

Node

zyxelsbg3500-n000_firmwareMatch-

AND

zyxelsbg3500-n000Match-

Node

zyxelgs1900-8_firmwareMatch-

AND

zyxelgs1900-8Match-

Node

zyxelgs1900-24_firmwareMatch-

AND

zyxelgs1900-24Match-

Node

zyxelc1000z_firmwareMatch-

AND

zyxelc1000zMatch-

Node

zyxelq1000_firmwareMatch-

AND

zyxelq1000Match-

Node

zyxelfr1000z_firmwareMatch-

AND

zyxelfr1000zMatch-

Node

zyxelp8702n_firmwareMatch-

AND

zyxelp8702nMatch-

CPENameOperatorVersion
zyxel:nwa1100-n_firmwarezyxel nwa1100-n firmwareeq-

CPE	Name	Operator	Version
zyxel:nwa1100-n_firmware	zyxel nwa1100-n firmware	eq	-

References

www.kb.cert.org/vuls/id/566724

www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.9 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

39.3%

JSON

Related for CVE-2015-7256

nvd1 cvelist1 prion1 nessus2 cert1 openvas2