{"id": "CVE-2015-6358", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.2}]}, "published": "2017-10-12T15:29:00.217", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.kb.cert.org/vuls/id/566724", "tags": ["Third Party Advisory", "US Government Resource"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securityfocus.com/bid/78047", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1034255", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1034256", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1034257", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1034258", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci", "tags": ["Issue Tracking", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/566724", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/78047", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034255", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034256", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034257", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1034258", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-295"}]}], "descriptions": [{"lang": "en", "value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."}, {"lang": "es", "value": "M\u00faltiples dispositivos con software de Cisco incorporado utilizan certificados X.509 embebidos y claves de host SSH embebidas en el firmware, lo que permite que atacantes remotos superen los mecanismos de protecci\u00f3n criptogr\u00e1fica y realicen ataques Man-in-the-Middle (MitM) sabiendo de estos certificados y claves de otra instalaci\u00f3n. Esto tambi\u00e9n se conoce por los siguientes Bug ID: CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899 y CSCuw90913."}], "lastModified": "2024-11-21T02:34:50.923", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F503CBF1-C2FB-40ED-8DA4-85F233EC4F8F", "versionEndIncluding": "1.3.1.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7596F6D4-10DA-4F29-95AD-75B60F4670D6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE1BC6E1-8A83-438F-AE33-3AAED7DF1CBE", "versionEndIncluding": "1.3.1.10"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "3435D601-EDA8-49FF-8841-EA6DF1518C75"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7881E4BC-6590-49C0-88C4-A21F2BE2B4FE", "versionEndIncluding": "2.0.3.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EC30BCF7-FA1A-44B3-8C58-17DFA939E7C7"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E9D1511-2B20-4013-9504-0FE9A9B5220C", "versionEndIncluding": "2.0.1.5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wrv210:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6FA20862-B235-4230-8861-A59CF62CC65E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB758D90-1888-42E3-9305-82F59D9C1891", "versionEndIncluding": "2.0.7.8"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFF89AC2-2A85-463C-A644-B3FA31A470FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "57B0AF22-058C-4273-8A3F-744692DFB77E"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wrv200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F73575BC-B0E8-49A5-8E68-4D9B3109029D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1A1D37CC-A650-496D-B66B-62F69EFFFCCC", "versionEndIncluding": "2.0.2.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BC842A29-7A55-4474-B5AD-A6813FE16A7D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBC035F1-83DE-47F1-BF2D-72FE32E926BC", "versionEndIncluding": "2.0.6.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "BD50A4C8-8E79-4D0B-8D23-88425EFE9234"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F6D758-4D48-4D16-B54C-08F924D8623C", "versionEndIncluding": "1.1.2.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wvc2300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E1122B4F-87D0-4030-9C4C-E811BBEAC51F"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24B3D0D5-BA35-44A7-A9AC-EFC38638424E", "versionEndIncluding": "1.1.2.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:pvc2300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "35B259F8-E3F8-44D0-9EDB-BC686F239CF6"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72473F9C-4AD6-47AE-9568-D7451EB8DD09", "versionEndIncluding": "2.0.2.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:srw224p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8B559090-2CB3-41E6-B9C8-EB83FC7AFE54"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wet200_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1B80159-909F-4B59-9DC6-34C1E508FCD1", "versionEndIncluding": "2.0.8.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wet200:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "565A92B8-DF55-4F7D-B312-E1870728F27A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3751819E-FF92-4540-93D2-2D8F8427D826", "versionEndIncluding": "2.0.8.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap2000:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C4844B66-4D3A-4526-87A3-6C45B9360691"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wap4400n_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C17056F7-933C-45AD-8F75-64E4B9ADFB55", "versionEndIncluding": "-"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wap4400n:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D47B755E-277A-4FF5-B005-C7F28B191D6B"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34E8DF08-06D6-46EE-AE4A-8FA11D3E1FB9", "versionEndIncluding": "1.0.5.9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A27C46AD-51E7-463F-A296-D4C6DF9B01F7", "versionEndIncluding": "1.0.5.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA690405-6AB8-4503-90AB-0B25F50F4776", "versionEndIncluding": "1.0.5.4"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv315w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7EEDA17A-529D-455C-B608-DFCFEC4DD448", "versionEndIncluding": "1.01.03"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv315w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8D7B47D7-4D6B-43BF-BF1C-E89C781DDD14"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:srp520_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "857DB576-9674-42E1-B122-0ACCD696818F", "versionEndIncluding": "1.01.29"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:srp520:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DEE62C2A-30E6-4E0F-AC84-1A75F5032D22"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F87C7EB8-4AF8-484E-B90F-B5E2C77D7679", "versionEndIncluding": "1.2.6"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:srp520-u:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "F4A12DCA-F804-4CC1-B1FE-EF4A182A9722"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67487247-39A1-4EF9-A451-3A2585CC7D54", "versionEndIncluding": "1.0.1.002"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:wrp500:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78DAF22A-9A5A-4E55-AF0F-ED9969610411"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:spa400_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "26067A0B-6752-4008-A021-57A76AC84F26", "versionEndIncluding": "1.1.2.2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:spa400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A20F9B77-999F-4B2E-8894-6D6AED4A92CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rtp300_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "114E7DD2-5C5F-40A2-A795-FF75FACB4567", "versionEndIncluding": "3.1.24"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rtp300:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78E72C11-E53D-4E29-802A-002F0229C158"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9C4E5A6-88BB-4758-8222-369BAE95C14B", "versionEndIncluding": "1.0.4.17"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}