CVE-2015-6358

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Severity	MEDIUM
CVSS	5.9
CWE	CWE-295
KEV
Published	8 years ago
Modified	6 days ago

Related Products

Product	Advisory	Evidence
SPA400 Internet Telephony Gateway with 4FXO Ports	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco WVC2300 Wireless-G Business Internet Video Camera - Audio Firmware	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco WRV210 Wireless-G VPN Router with RangeBooster	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco WRP500 Wireless-AC Broadband Router with 2 Phone Ports	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco Small Business Wireless Access Points Firmware	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco Small Business Video Surveillance Cameras Firmware	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco Small Business SRP500 Series Services Ready Platforms	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco Small Business RV Series Router Firmware	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco Small Business IP Phones	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco SRW224P 24-port 10 100 + 2-port Gigabit Switch - WebView PoE	cisco-sa-20151125-ci	Cisco OpenVuln
Cisco SPA400 Internet Telephony Gateway with 4FXO Ports	cisco-sa-20151125-ci	Cisco OpenVuln