CVE-2015-6316

CWE-2556 documents5 sources

Severity

6.5MEDIUM

EPSS

0.6%

top 31.37%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Mobility Services Engine

Timeline

PublishedNov 6

Latest updateMay 17

Description

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 8.0 | Impact: 6.4

Affected Packages1 packages

▶NVDcisco/mobility_services_engine14 versions+13

🔴Vulnerability Details

GHSA

GHSA-qh56-pj29-rjh8: The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8↗2022-05-17

▶

CVEList

CVE-2015-6316: The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8↗2015-11-06

▶

📋Vendor Advisories

Cisco

Cisco Mobility Services Engine Static Credential Vulnerability↗2015-11-05

▶

💬Community

Bugzilla

CVE-2015-1042 mantis: URL redirection issue (incomplete fix for CVE-2014-6316)↗2015-01-12

▶