CVE-2015-6358

MEDIUM

Cisco Multiple Routers Firmware - Improper Certificate Validation

Title source: llm
STIX 2.1

Description

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

References (7)

Core 7
Core References
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/566724
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034258
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/78047
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034255
Issue Tracking, Patch, Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034257
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034256

Scores

CVSS v3 5.9
EPSS 0.0131
EPSS Percentile 66.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-295
Status published
Products (24)
cisco/pvc2300_firmware < 1.1.2.6
cisco/rtp300_firmware < 3.1.24
cisco/rv120w_firmware < 1.0.5.9
cisco/rv180_firmware < 1.0.5.4
cisco/rv180w_firmware < 1.0.5.4
cisco/rv220w_firmware < 1.0.4.17
cisco/rv315w_firmware < 1.01.03
cisco/rv320_firmware < 1.3.1.10
cisco/rv325_firmware < 1.3.1.10
cisco/rvs4000_firmware < 2.0.3.4
... and 14 more
Published Oct 12, 2017
Tracked Since Feb 18, 2026