Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2015-6358
HistoryOct 12, 2017 - 3:29 p.m.

CVE-2015-6358

2017-10-1215:29:00
CWE-295
[email protected]
web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

JSON

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Affected configurations

NVD
Node
ciscorv320_firmwareRange1.3.1.10
AND
ciscorv320Match-
Node
ciscorv325_firmwareRange1.3.1.10
AND
ciscorv325Match-
Node
ciscorvs4000_firmwareRange2.0.3.4
AND
ciscorvs4000Match-
Node
ciscowrv210_firmwareRange2.0.1.5
AND
ciscowrv210Match-
Node
ciscowap4410n_firmwareRange2.0.7.8
AND
ciscowap4410nMatch-
Node
ciscowrv200_firmwareMatch1.0.39
AND
ciscowrv200Match-
Node
ciscowrvs4400n_firmwareRange2.0.2.2
AND
ciscowrvs4400nMatch-
Node
ciscowap200_firmwareRange2.0.6.0
AND
ciscowap200Match-
Node
ciscowvc2300_firmwareRange1.1.2.6
AND
ciscowvc2300Match-
Node
ciscopvc2300_firmwareRange1.1.2.6
AND
ciscopvc2300Match-
Node
ciscosrw224p_firmwareRange2.0.2.4
AND
ciscosrw224pMatch-
Node
ciscowet200_firmwareRange2.0.8.0
AND
ciscowet200Match-
Node
ciscowap2000_firmwareRange2.0.8.0
AND
ciscowap2000Match-
Node
ciscowap4400n_firmwareRange-
AND
ciscowap4400nMatch-
Node
ciscorv120w_firmwareRange1.0.5.9
AND
ciscorv120wMatch-
Node
ciscorv180_firmwareRange1.0.5.4
AND
ciscorv180Match-
Node
ciscorv180w_firmwareRange1.0.5.4
AND
ciscorv180wMatch-
Node
ciscorv315w_firmwareRange1.01.03
AND
ciscorv315wMatch-
Node
ciscosrp520_firmwareRange1.01.29
AND
ciscosrp520Match-
Node
ciscosrp520-u_firmwareRange1.2.6
AND
ciscosrp520-uMatch-
Node
ciscowrp500_firmwareRange1.0.1.002
AND
ciscowrp500Match-
Node
ciscospa400_firmwareRange1.1.2.2
AND
ciscospa400Match-
Node
ciscortp300_firmwareRange3.1.24
AND
ciscortp300Match-
Node
ciscorv220w_firmwareRange1.0.4.17
AND
ciscorv220wMatch-

Related

openvas 3
cve 1
cvelist 1
cisco 1
prion 1
nessus 2
cert 1
openvas
openvas
Cisco Small Business RV Series Confidential Information Decryption Man-in-the-Middle Vulnerability
2016-09-15 00:00:00
SSL/TLS: Known Compromised Certificate Detection
2021-11-10 00:00:00
Known SSH Host Key
2016-01-05 00:00:00
cve
cve
CVE-2015-6358
2017-10-12 15:29:00
cvelist
cvelist
CVE-2015-6358
2017-10-12 15:00:00
cisco
cisco
Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability
2015-11-25 21:30:00
prion
prion
Hardcoded credentials
2017-10-12 15:29:00
nessus
nessus
SSH Known Hard Coded Private Keys
2019-01-08 00:00:00
SSL / TLS Certificate Known Hard Coded Private Keys
2019-01-08 00:00:00
cert
cert
Embedded devices use non-unique X.509 certificates and SSH host keys
2015-11-25 00:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.5%

JSON
Related for NVD:CVE-2015-6358
openvas3cve1cvelist1cisco1prion1nessus2cert1