CVE-2015-6280
Cisco IOS 15.2-15.5 and IOS XE 3.6E-3.14S - Improper Authentication via SSHv2 RSA
Title source: llmDescription
The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1033646
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk
Vendor Advisory x_refsource_confirm
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml
Scores
EPSS
0.0439
EPSS Percentile
90.1%
Details
CWE
CWE-287
Status
published
Products (50)
cisco/ios
15.2\(1\)sy
cisco/ios
15.2\(1\)sy0a
cisco/ios
15.2\(2\)e
cisco/ios
15.2\(2\)e1
cisco/ios
15.2\(2\)e2
cisco/ios
15.2\(2\)ea1
cisco/ios
15.2\(2a\)e1
cisco/ios
15.2\(2a\)e2
cisco/ios
15.2\(3\)e
cisco/ios
15.2\(3\)ea
... and 40 more
Published
Sep 28, 2015
Tracked Since
Feb 18, 2026