Search
Find a vulnerability
Search criteria
2 vulnerabilities found for wap200_firmware by cisco
CVE-2015-6358 (GCVE-0-2015-6358)
Vulnerability from nvd – Published: 2017-10-12 15:00 – Updated: 2024-08-06 07:22
VLAI
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1034258 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/78047 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1034255 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1034257 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1034256 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6358",
"datePublished": "2017-10-12T15:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6358 (GCVE-0-2015-6358)
Vulnerability from cvelistv5 – Published: 2017-10-12 15:00 – Updated: 2024-08-06 07:22
VLAI
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://www.kb.cert.org/vuls/id/566724 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securitytracker.com/id/1034258 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/78047 | vdb-entryx_refsource_BID |
| http://www.securitytracker.com/id/1034255 | vdb-entryx_refsource_SECTRACK |
| http://tools.cisco.com/security/center/content/Ci… | vendor-advisoryx_refsource_CISCO |
| http://www.securitytracker.com/id/1034257 | vdb-entryx_refsource_SECTRACK |
| http://www.securitytracker.com/id/1034256 | vdb-entryx_refsource_SECTRACK |
Date Public
2015-11-25 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6358",
"datePublished": "2017-10-12T15:00:00.000Z",
"dateReserved": "2015-08-17T00:00:00.000Z",
"dateUpdated": "2024-08-06T07:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}