CVE-2015-6358: Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat…

medium5.9CVSS 3.0

AVNACHPRNUINSUCHINAN

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Affected

25 ranges

Vendor	Product	Version range	Fixed in
cisco	products_confidential	—	—
cisco	pvc2300_firmware	<= 1.1.2.6	—
cisco	rtp300_firmware	<= 3.1.24	—
cisco	rv120w_firmware	<= 1.0.5.9	—
cisco	rv180_firmware	<= 1.0.5.4	—
cisco	rv180w_firmware	<= 1.0.5.4	—
cisco	rv220w_firmware	<= 1.0.4.17	—
cisco	rv315w_firmware	<= 1.01.03	—
cisco	rv320_firmware	<= 1.3.1.10	—
cisco	rv325_firmware	<= 1.3.1.10	—
cisco	rvs4000_firmware	<= 2.0.3.4	—
cisco	spa400_firmware	<= 1.1.2.2	—
cisco	srp520-u_firmware	<= 1.2.6	—
cisco	srp520_firmware	<= 1.01.29	—
cisco	srw224p_firmware	<= 2.0.2.4	—
cisco	wap2000_firmware	<= 2.0.8.0	—
cisco	wap200_firmware	<= 2.0.6.0	—
cisco	wap4400n_firmware	<= -	—
cisco	wap4410n_firmware	<= 2.0.7.8	—
cisco	wet200_firmware	<= 2.0.8.0	—
cisco	wrp500_firmware	<= 1.0.1.002	—
cisco	wrv200_firmware	—	—
cisco	wrv210_firmware	<= 2.0.1.5	—
cisco	wrvs4400n_firmware	<= 2.0.2.2	—
cisco	wvc2300_firmware	<= 1.1.2.6	—