{"api_version":"1","generated_at":"2026-06-05T10:40:16+00:00","cve":"CVE-2015-6418","urls":{"html":"https://cve.report/CVE-2015-6418","api":"https://cve.report/api/cve/CVE-2015-6418.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2015-6418","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2015-6418"},"summary":{"title":"CVE-2015-6418","description":"The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.","state":"PUBLISHED","assigner":"cisco","published_at":"2015-12-13 03:59:09","updated_at":"2026-05-06 22:30:45"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"4.3","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr","name":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1034409","name":"http://www.securitytracker.com/id/1034409","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco SA500 Series Security Appliances Weak Random Number Generation Lets Remote Users Determine TLS Session Keys on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1034408","name":"http://www.securitytracker.com/id/1034408","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Cisco Small Business RV Series Weak Random Number Generation Lets Remote Users Determine TLS Session Keys on the Target System - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/78876","name":"http://www.securityfocus.com/bid/78876","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"Malformed Request","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2015-6418","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-6418","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv016_multi-wan_vpn_firmware","cpe6":"4.0.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv016_multi-wan_vpn_firmware","cpe6":"4.0.2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv016_multi-wan_vpn_firmware","cpe6":"4.0.5.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv042g_dual_gigabit_wan_vpn_firmware","cpe6":"4.0.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv042g_dual_gigabit_wan_vpn_firmware","cpe6":"4.2.2.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv042g_dual_gigabit_wan_vpn_firmware","cpe6":"4.2.2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv042_dual_wan_vpn_router_firmware","cpe6":"4.0.2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv082_dual_wan_vpn_router_firmware","cpe6":"4.0.0.7","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"cisco","cpe5":"rv082_dual_wan_vpn_router_firmware","cpe6":"4.0.2.8","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"sa520","cpe6":"2.2.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"sa520w","cpe6":"2.2.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2015","cve_id":"6418","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"cisco","cpe5":"sa540","cpe6":"2.2.07","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-06T07:22:21.131Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"20151210 Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability","tags":["vendor-advisory","x_refsource_CISCO","x_transferred"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr"},{"name":"1034408","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1034408"},{"name":"1034409","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/id/1034409"},{"name":"78876","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/78876"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2015-12-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-12-05T14:57:01.000Z","orgId":"d1c1063e-7a18-46af-9102-31f8928bc633","shortName":"cisco"},"references":[{"name":"20151210 Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability","tags":["vendor-advisory","x_refsource_CISCO"],"url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr"},{"name":"1034408","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1034408"},{"name":"1034409","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/id/1034409"},{"name":"78876","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/78876"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"psirt@cisco.com","ID":"CVE-2015-6418","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"20151210 Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability","refsource":"CISCO","url":"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr"},{"name":"1034408","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1034408"},{"name":"1034409","refsource":"SECTRACK","url":"http://www.securitytracker.com/id/1034409"},{"name":"78876","refsource":"BID","url":"http://www.securityfocus.com/bid/78876"}]}}}},"cveMetadata":{"assignerOrgId":"d1c1063e-7a18-46af-9102-31f8928bc633","assignerShortName":"cisco","cveId":"CVE-2015-6418","datePublished":"2015-12-13T02:00:00.000Z","dateReserved":"2015-08-17T00:00:00.000Z","dateUpdated":"2024-08-06T07:22:21.131Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2015-12-13 03:59:09","lastModifiedDate":"2026-05-06 22:30:45","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:sa520:2.2.07:*:*:*:*:*:*:*","matchCriteriaId":"5242A08F-0736-4FAC-B015-46BBF1115B08"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:sa520w:2.2.07:*:*:*:*:*:*:*","matchCriteriaId":"F6B17623-8183-4C2C-A1BD-1654200D6AC3"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:sa540:2.2.07:*:*:*:*:*:*:*","matchCriteriaId":"C7D2641C-CCFF-411A-96B4-F8823F4B4BA5"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"8C8A650F-4509-4632-92D3-72C412A49012"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FC822B95-469E-4DB8-A1C0-B4AAA3D3644F"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.5.0:*:*:*:*:*:*:*","matchCriteriaId":"487B2A80-30AD-45F8-A46D-21E04888F3EA"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv042_dual_wan_vpn_router_firmware:4.0.2.8:*:*:*:*:*:*:*","matchCriteriaId":"00D012E7-A12E-44ED-8173-C8B254902886"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"303C48D9-1069-486B-8933-F51DFC82EDAC"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.7:*:*:*:*:*:*:*","matchCriteriaId":"F5F4636E-25F8-40E3-909F-CB9B93E290E5"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.8:*:*:*:*:*:*:*","matchCriteriaId":"FDB96FF7-13B9-482F-85E7-C1C68287CF41"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv082_dual_wan_vpn_router_firmware:4.0.0.7:*:*:*:*:*:*:*","matchCriteriaId":"CF1CDD04-A345-4982-A055-BBC990873C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:cisco:rv082_dual_wan_vpn_router_firmware:4.0.2.8:*:*:*:*:*:*:*","matchCriteriaId":"1C92A1CD-5AE8-421E-A813-A2738219B673"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2015","CveId":"6418","Ordinal":"1","Title":"CVE-2015-6418","CVE":"CVE-2015-6418","Year":"2015"},"notes":[{"CveYear":"2015","CveId":"6418","Ordinal":"1","NoteData":"The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.","Type":"Description","Title":"CVE-2015-6418"},{"CveYear":"2015","CveId":"6418","Ordinal":"2","NoteData":"2015-12-12","Type":"Other","Title":"Published"},{"CveYear":"2015","CveId":"6418","Ordinal":"3","NoteData":"2016-12-05","Type":"Other","Title":"Modified"}]}}}