CVE-2015-6358

Summary

CVE: CVE-2015-6358
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2017-10-12 15:29:00 UTC
Updated: 2017-11-03 16:46:00 UTC
Description: Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Risk And Classification

Problem Types: CWE-295

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Hardware | Cisco | Pvc2300 | - | All | All | All
Operating System | Cisco | Pvc2300 Firmware | All | All | All | All
Hardware | Cisco | Rtp300 | - | All | All | All
Operating System | Cisco | Rtp300 Firmware | All | All | All | All
Hardware | Cisco | Rv120w | - | All | All | All
Operating System | Cisco | Rv120w Firmware | All | All | All | All
Hardware | Cisco | Rv180 | - | All | All | All
Hardware | Cisco | Rv180w | - | All | All | All
Operating System | Cisco | Rv180w Firmware | All | All | All | All
Operating System | Cisco | Rv180 Firmware | All | All | All | All
Hardware | Cisco | Rv220w | - | All | All | All
Operating System | Cisco | Rv220w Firmware | All | All | All | All
Hardware | Cisco | Rv315w | - | All | All | All
Operating System | Cisco | Rv315w Firmware | All | All | All | All
Hardware | Cisco | Rv320 | - | All | All | All
Operating System | Cisco | Rv320 Firmware | All | All | All | All
Hardware | Cisco | Rv325 | - | All | All | All
Operating System | Cisco | Rv325 Firmware | All | All | All | All
Hardware | Cisco | Rvs4000 | - | All | All | All
Operating System | Cisco | Rvs4000 Firmware | All | All | All | All
Hardware | Cisco | Spa400 | - | All | All | All
Operating System | Cisco | Spa400 Firmware | All | All | All | All
Hardware | Cisco | Srp520 | - | All | All | All
Hardware | Cisco | Srp520-u | - | All | All | All
Operating System | Cisco | Srp520-u Firmware | All | All | All | All
Operating System | Cisco | Srp520 Firmware | All | All | All | All
Hardware | Cisco | Srw224p | - | All | All | All
Operating System | Cisco | Srw224p Firmware | All | All | All | All
Hardware | Cisco | Wap200 | - | All | All | All
Hardware | Cisco | Wap2000 | - | All | All | All
Operating System | Cisco | Wap2000 Firmware | All | All | All | All
Operating System | Cisco | Wap200 Firmware | All | All | All | All
Hardware | Cisco | Wap4400n | - | All | All | All
Operating System | Cisco | Wap4400n Firmware | All | All | All | All
Hardware | Cisco | Wap4410n | - | All | All | All
Operating System | Cisco | Wap4410n Firmware | All | All | All | All
Hardware | Cisco | Wet200 | - | All | All | All
Operating System | Cisco | Wet200 Firmware | All | All | All | All
Hardware | Cisco | Wrp500 | - | All | All | All
Operating System | Cisco | Wrp500 Firmware | All | All | All | All
Hardware | Cisco | Wrv200 | - | All | All | All
Operating System | Cisco | Wrv200 Firmware | 1.0.39 | All | All | All
Hardware | Cisco | Wrv210 | - | All | All | All
Operating System | Cisco | Wrv210 Firmware | All | All | All | All
Hardware | Cisco | Wrvs4400n | - | All | All | All
Operating System | Cisco | Wrvs4400n Firmware | All | All | All | All
Hardware | Cisco | Wvc2300 | - | All | All | All
Operating System | Cisco | Wvc2300 Firmware | All | All | All | All

References

Reference | Source | Link | Tags
Cisco Gigabit Security Routers Use Static Certificates and Keys That Let Remote Users Decrypt Potentially Sensitive User Connections - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry
Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability | CISCO | tools.cisco.com | Issue Tracking, Patch, Vendor Advisory
Multiple Cisco Products CVE-2015-6358 Man in the Middle Information Disclosure Vulnerability | BID | www.securityfocus.com | Third Party Advisory, VDB Entry
Cisco Small Business RV Series Routers Use Static Certificates and Keys That Let Remote Users Decrypt Potentially Sensitive User Connections - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry
Cisco Video Surveillance Cameras Use Static Certificates and Keys That Let Remote Users Decrypt Potentially Sensitive User Connections - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry
VU#566724 - Embedded devices use non-unique X.509 certificates and SSH host keys | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource
Cisco Small Business SRP Series Devices Use Static Certificates and Keys That Let Remote Users Decrypt Potentially Sensitive User Connections - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis