Vulnslist

find the latest Cisco vulnerabilities

Cisco Cloud Portal Appliance Pregenerated Default Host Keys Vulnerability

Cisco-SA-20150616-CVE-2015-4190 · Medium · Published · Updated

A vulnerability in Cisco Cloud Portal Appliance could aid an unauthenticated, remote attacker in performing a man-in-the-middle attack. The vulnerability is due to a design error in the affected software. An unauthenticated, remote attacker could exploit this vulnerability to perform a man-in-the-middle attack against a user logging in to a targeted device. A successful exploit could be used to conduct further attacks. Cisco has confirmed the vulnerability and released software updates. Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Cisco advisory ·CSAF JSON

Workarounds

Administrators are advised to apply the appropriate updates.

Administrators are advised to allow only trusted users to have network access.

Administrators are advised to monitor affected systems.

CVEsCVE-2015-4190
Cisco Bug IDsCSCuh19683
CVSS ScoreBase 5.0
Base 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Prime Service Catalog

CSAF Product Statuses

Product Status Source CVE Rows
Cisco Prime Service Catalog known_affected cisco_csaf CVE-2015-4190 1

Related Products

Product CVE Evidence
Cisco Cloud Portal CVE-2015-4190 Cisco OpenVuln
Cisco Prime Service Catalog CVE-2015-4190 Cisco OpenVuln