CVE-2015-6358 (CNNVD-201511-426)

MEDIUM
中文标题:
多款Cisco产品安全漏洞
英文标题:
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the f...
CVSS分数: 5.9
发布时间: 2017-10-12 15:00:00
漏洞类型: 授权问题
状态: PUBLISHED
数据质量分数: 0.30
数据版本: v3
漏洞描述
中文描述:

Cisco RV320 Dual Gigabit WAN VPN等都是美国思科(Cisco)公司的路由器产品。 多款Cisco产品的加密机制中存在安全漏洞,该漏洞源于程序没有生成唯一的密钥和证书。远程攻击者可通过实施暴力破解攻击利用该漏洞解密用户的机密信息。以下产品受到影响:Cisco RV320 Dual Gigabit WAN VPN Router,RV325 Dual Gigabit WAN VPN Router,RV325 Dual WAN Gigabit VPN Router,RVS4000 4-port Gigabit Security Router - VPN,WRV210 Wireless-G VPN Router - RangeBooster,WAP4410N Wireless-N Access Point - PoE/Advanced Security,WRV200 Wireless-G VPN Router - RangeBooster,WRVS4400N Wireless。

英文描述:

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

CWE类型:
CWE-295
标签:
(暂无数据)
受影响产品
厂商 产品 版本 版本范围 平台 CPE
cisco rv320_firmware * - - cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*
cisco rv325_firmware * - - cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*
cisco rvs4000_firmware * - - cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*
cisco wrv210_firmware * - - cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:*
cisco wap4410n_firmware * - - cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*
cisco wrv200_firmware 1.0.39 - - cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*
cisco wrvs4400n_firmware * - - cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:*
cisco wap200_firmware * - - cpe:2.3:o:cisco:wap200_firmware:*:*:*:*:*:*:*:*
cisco wvc2300_firmware * - - cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:*
cisco pvc2300_firmware * - - cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:*
cisco srw224p_firmware * - - cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:*
cisco wet200_firmware * - - cpe:2.3:o:cisco:wet200_firmware:*:*:*:*:*:*:*:*
cisco wap2000_firmware * - - cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:*
cisco wap4400n_firmware * - - cpe:2.3:o:cisco:wap4400n_firmware:*:*:*:*:*:*:*:*
cisco rv120w_firmware * - - cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*
cisco rv180_firmware * - - cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*
cisco rv180w_firmware * - - cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:*
cisco rv315w_firmware * - - cpe:2.3:o:cisco:rv315w_firmware:*:*:*:*:*:*:*:*
cisco srp520_firmware * - - cpe:2.3:o:cisco:srp520_firmware:*:*:*:*:*:*:*:*
cisco srp520-u_firmware * - - cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:*
cisco wrp500_firmware * - - cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:*
cisco spa400_firmware * - - cpe:2.3:o:cisco:spa400_firmware:*:*:*:*:*:*:*:*
cisco rtp300_firmware * - - cpe:2.3:o:cisco:rtp300_firmware:*:*:*:*:*:*:*:*
cisco rv220w_firmware * - - cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*
解决方案
中文解决方案:
(暂无数据)
英文解决方案:
(暂无数据)
临时解决方案:
(暂无数据)
参考链接
VU#566724 third-party-advisory
cve.org
访问
1034258 vdb-entry
cve.org
访问
78047 vdb-entry
cve.org
访问
1034255 vdb-entry
cve.org
访问
20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability vendor-advisory
cve.org
访问
1034257 vdb-entry
cve.org
访问
1034256 vdb-entry
cve.org
访问
CVSS评分详情
5.9
MEDIUM
CVSS向量: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS版本: 3.0
机密性
HIGH
完整性
NONE
可用性
NONE
时间信息
发布时间:
2017-10-12 15:00:00
修改时间:
2024-08-06 07:22:20
创建时间:
2025-11-11 15:34:07
更新时间:
2025-11-11 15:52:17
利用信息
暂无可利用代码信息
数据源详情
数据源 记录ID 版本 提取时间
CVE cve_CVE-2015-6358 2025-11-11 15:18:59 2025-11-11 07:34:07
NVD nvd_CVE-2015-6358 2025-11-11 14:54:55 2025-11-11 07:42:48
CNNVD cnnvd_CNNVD-201511-426 2025-11-11 15:09:37 2025-11-11 07:52:17
版本与语言
当前版本: v3
主要语言: EN
支持语言:
EN ZH
安全公告
暂无安全公告信息
变更历史
v3 CNNVD
2025-11-11 15:52:17
vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-201511-426; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']
查看详细变更
  • vulnerability_type: 未提取 -> 授权问题
  • cnnvd_id: 未提取 -> CNNVD-201511-426
  • data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']
v2 NVD
2025-11-11 15:42:48
cvss_score: 未提取 → 5.9; cvss_vector: NOT_EXTRACTED → CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N; cvss_version: NOT_EXTRACTED → 3.0; affected_products_count: 0 → 24; data_sources: ['cve'] → ['cve', 'nvd']
查看详细变更
  • cvss_score: 未提取 -> 5.9
  • cvss_vector: NOT_EXTRACTED -> CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • cvss_version: NOT_EXTRACTED -> 3.0
  • affected_products_count: 0 -> 24
  • data_sources: ['cve'] -> ['cve', 'nvd']