CVE-2015-6358
Severity
5.9MEDIUM
EPSS
2.0%
top 16.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedOct 12
Latest updateMay 17
Description
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSC…
CVSS vector
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6
Affected Packages24 packages
Patches
🔴Vulnerability Details
2📋Vendor Advisories
1Cisco▶
Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability↗2015-11-25