CVE-2015-6358 Information

Description

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci
http://www.kb.cert.org/vuls/id/566724
http://www.securityfocus.com/bid/78047
http://www.securitytracker.com/id/1034255
http://www.securitytracker.com/id/1034256
http://www.securitytracker.com/id/1034257
http://www.securitytracker.com/id/1034258

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

5.9

Base Severity

MEDIUM
