CVE-2015-6316
First published: Fri Nov 06 2015(Updated: )
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Mobility Services Engine | =5.1_base | |
| Cisco Mobility Services Engine | =5.2_base | |
| Cisco Mobility Services Engine | =6.0_base | |
| Cisco Mobility Services Engine | =7.0_base | |
| Cisco Mobility Services Engine | =7.4.100.0 | |
| Cisco Mobility Services Engine | =7.4.110.0 | |
| Cisco Mobility Services Engine | =7.4.121.0 | |
| Cisco Mobility Services Engine | =7.4_base | |
| Cisco Mobility Services Engine | =7.5.102.101 | |
| Cisco Mobility Services Engine | =7.6.100.0 | |
| Cisco Mobility Services Engine | =7.6.120.0 | |
| Cisco Mobility Services Engine | =7.6.132.0 | |
| Cisco Mobility Services Engine | =8.0\(110.0\) | |
| Cisco Mobility Services Engine | =8.0_base |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6316?
CVE-2015-6316 is considered high severity due to the risk of unauthorized access via the oracle account in Cisco Mobility Services Engine.
How do I fix CVE-2015-6316?
To fix CVE-2015-6316, disable the oracle account in the sshd_config file or restrict its access permissions in the Cisco Mobility Services Engine.
Which versions of Cisco Mobility Services Engine are affected by CVE-2015-6316?
CVE-2015-6316 affects multiple versions including 5.1_base, 5.2_base, 6.0_base, 7.x series, and 8.0_base of Cisco Mobility Services Engine.
What potential attacks can exploit CVE-2015-6316?
An attacker could leverage CVE-2015-6316 to remotely access the system by exploiting the default oracle account's hardcoded password.
Is there a patch available for CVE-2015-6316?
While there may not be a direct patch, the recommendation is to change the default configuration and disable the oracle account to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/references
- agent/last-modified-date
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- vendor/cisco
- canonical/cisco mobility services engine
- version/cisco mobility services engine/5.1_base
- version/cisco mobility services engine/5.2_base
- version/cisco mobility services engine/6.0_base
- version/cisco mobility services engine/7.0_base
- version/cisco mobility services engine/7.4.100.0
- version/cisco mobility services engine/7.4.110.0
- version/cisco mobility services engine/7.4.121.0
- version/cisco mobility services engine/7.4_base
- version/cisco mobility services engine/7.5.102.101
- version/cisco mobility services engine/7.6.100.0
- version/cisco mobility services engine/7.6.120.0
- version/cisco mobility services engine/7.6.132.0
- version/cisco mobility services engine/8.0\(110.0\)
- version/cisco mobility services engine/8.0_base