CVE-2015-6358
Description
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Risk Information
Base Score: 5.9 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 1.998
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability For Cisco Small Business SRP500 Series Services Ready Platforms | NCM |
| Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability For Cisco Small Business RV Series Routers | NCM |
| Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability For Cisco Small Business Wireless Access Points | NCM |
| Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability For Cisco Small Business Video Monitoring System | NCM |
| Improper Certificate Validation Vulnerability (CVE-2015-6358) | NCM |
Patch Details
| Patch ID | Patch Description |
|---|---|
| PATCH-1702209 | Security Update for Cisco Small Business SRP500 Series Services Ready Platforms 1.3.2.2 |
| PATCH-1705925 | Security Update for Cisco Small Business RV Series Routers 1.0.3.16 |
| PATCH-1705261 | Security Update for Cisco Small Business Wireless Access Points 1.1.3.2 |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234