Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerability

cisco-sa-20151210-dwvr · Medium · Published · Updated

A vulnerability in the HTTPS session key exchange process of certain Cisco Small Business RV Series Routers and Cisco SA500 Series Security Appliances could allow an unauthenticated, remote attacker to obtain the key pair used in the Transport Layer Security (TLS) session from the affected device. The vulnerability is due to insufficient sources of entropy used by the random number generator. An attacker could exploit this vulnerability by gathering large amounts of TLS handshake data to predict the random numbers generated for the key pair. An exploit could allow the attacker to decrypt session data between a host and the affected device. Cisco has released software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr


Workarounds

Workarounds are not available.

CVEs: CVE-2015-6418
Cisco Bug IDs: CSCus15224, CSCus15238, CSCus15436, CSCus15440, CSCus15446, CSCus15451, CSCus15463
CVSS Score: Base 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C
Product Names From Source: Cisco Small Business SA 500 Series Security Appliances, Cisco Small Business RV Series Router Firmware

Related Products

Product | CVE | Evidence
Cisco Small Business SA 500 Series Security Appliances | CVE-2015-6418 | Cisco OpenVuln
Cisco Small Business RV Series Router Firmware | CVE-2015-6418 | Cisco OpenVuln
Cisco SA500 Series Security Appliance | CVE-2015-6418 | Cisco OpenVuln