CVE-2015-6316
Summary
| CVE | CVE-2015-6316 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-11-06 11:59:00 UTC |
| Updated | 2017-01-06 16:53:00 UTC |
| Description | The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. |
Risk And Classification
Problem Types: CWE-255
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Mobility Services Engine | 5.1_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 5.2_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 6.0_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.0_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4.100.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4.110.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4.121.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.5.102.101 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.6.100.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.6.120.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.6.132.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 8.0(110.0) | All | All | All |
| Application | Cisco | Mobility Services Engine | 8.0\(110.0\) | All | All | All |
| Application | Cisco | Mobility Services Engine | 8.0_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 5.1_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 5.2_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 6.0_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.0_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4.100.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4.110.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4.121.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.4_base | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.5.102.101 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.6.100.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.6.120.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 7.6.132.0 | All | All | All |
| Application | Cisco | Mobility Services Engine | 8.0\(110.0\) | All | All | All |
| Application | Cisco | Mobility Services Engine | 8.0_base | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco Mobility Services Engine CVE-2015-6316 Insecure Default Password Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| Cisco Mobility Services Engine Default Account and Credentials Lets Remote Users Access the Target System - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Cisco Mobility Services Engine Static Credential Vulnerability | CISCO | tools.cisco.com | Mitigation, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.