What is the severity of CVE-2015-6358?

CVE-2015-6358 has a high severity rating due to its potential for remote exploitation and the ability to conduct man-in-the-middle attacks.

How do I fix CVE-2015-6358?

To fix CVE-2015-6358, update the affected Cisco firmware to a version that does not include hardcoded X.509 certificates and SSH host keys.

Which devices are affected by CVE-2015-6358?

Devices such as Cisco RV320, RV325, RVS4000, WRV210, and WAP4410N firmware are among those affected by CVE-2015-6358.

What attacks can CVE-2015-6358 enable?

CVE-2015-6358 can enable remote attackers to bypass cryptographic protections and perform man-in-the-middle attacks.

Is CVE-2015-6358 still a risk for unpatched devices?

Yes, CVE-2015-6358 remains a significant risk for any unpatched Cisco devices that utilize the impacted firmware versions.

Vulnerability/
CVE-2015-6358

medium

5.9

CWE

295

12/10/2017

6/8/2024

CVE-2015-6358

First published: Thu Oct 12 2017(Updated: )

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco RV320 Firmware	<=1.3.1.10
Cisco RV320 Firmware
Cisco RV325 firmware	<=1.3.1.10
Cisco RV325 Router
Cisco RVS4000	<=2.0.3.4
Cisco RVS4000 Firmware
Cisco WRV210	<=2.0.1.5
Cisco WRV210 Wireless-G VPN Router
Cisco WAP4410N Firmware	<=2.0.7.8
Cisco WAP4410N Firmware
Cisco WRV200	=1.0.39
Cisco WRV200 Wireless-G VPN Router
Cisco WRVS4400N	<=2.0.2.2
Cisco WRVS4400N Wireless-N Gigabit Security Router
Cisco WAP200 Firmware	<=2.0.6.0
Cisco WAP200 Firmware
Cisco WVC2300	<=1.1.2.6
Cisco WVC2300 Firmware
Cisco PVC2300	<=1.1.2.6
Cisco PVC2300 Firmware
Cisco SRW224P Firmware	<=2.0.2.4
Cisco SRW224P Firmware
Cisco WET200	<=2.0.8.0
Cisco WET200 Firmware
Cisco WAP2000 Firmware	<=2.0.8.0
Cisco WAP2000 Firmware
Cisco WAP4400N	<=-
Linksys WAP4400N
Cisco RV120W Firmware	<=1.0.5.9
Cisco RV120W Firmware
Cisco RV180 Firmware	<=1.0.5.4
Cisco RV180W VPN Router
Cisco RV180 Firmware	<=1.0.5.4
Cisco RV180W VPN Router
Cisco RV315W	<=1.01.03
Cisco RV315W Firmware
Cisco SRP520-U Firmware	<=1.01.29
Cisco SRP520 Firmware
Cisco Small Business SRP520-U Series Firmware	<=1.2.6
Cisco SRP520-U Firmware
Cisco WRP500 Firmware	<=1.0.1.002
Cisco WRP500 Firmware
Cisco SPA400 Firmware	<=1.1.2.2
Cisco SPA400 Firmware
Cisco RTP300	<=3.1.24
Cisco RTP300 Firmware
Cisco RV220W	<=1.0.4.17
Cisco RV220W

Remedy

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-6358?
CVE-2015-6358 has a high severity rating due to its potential for remote exploitation and the ability to conduct man-in-the-middle attacks.
How do I fix CVE-2015-6358?
To fix CVE-2015-6358, update the affected Cisco firmware to a version that does not include hardcoded X.509 certificates and SSH host keys.
Which devices are affected by CVE-2015-6358?
Devices such as Cisco RV320, RV325, RVS4000, WRV210, and WAP4410N firmware are among those affected by CVE-2015-6358.
What attacks can CVE-2015-6358 enable?
CVE-2015-6358 can enable remote attackers to bypass cryptographic protections and perform man-in-the-middle attacks.
Is CVE-2015-6358 still a risk for unpatched devices?
Yes, CVE-2015-6358 remains a significant risk for any unpatched Cisco devices that utilize the impacted firmware versions.

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/references
agent/author
agent/remedy
agent/last-modified-date
agent/first-publish-date
agent/description
agent/event
agent/source
agent/tags
agent/softwarecombine
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco rv320 firmware
version/cisco rv320 firmware/1.3.1.10
canonical/cisco rv325 firmware
version/cisco rv325 firmware/1.3.1.10
canonical/cisco rv325 router
canonical/cisco rvs4000
version/cisco rvs4000/2.0.3.4
canonical/cisco rvs4000 firmware
canonical/cisco wrv210
version/cisco wrv210/2.0.1.5
canonical/cisco wrv210 wireless-g vpn router
canonical/cisco wap4410n firmware
version/cisco wap4410n firmware/2.0.7.8
canonical/cisco wrv200
version/cisco wrv200/1.0.39
canonical/cisco wrv200 wireless-g vpn router
canonical/cisco wrvs4400n
version/cisco wrvs4400n/2.0.2.2
canonical/cisco wrvs4400n wireless-n gigabit security router
canonical/cisco wap200 firmware
version/cisco wap200 firmware/2.0.6.0
canonical/cisco wvc2300
version/cisco wvc2300/1.1.2.6
canonical/cisco wvc2300 firmware
canonical/cisco pvc2300
version/cisco pvc2300/1.1.2.6
canonical/cisco pvc2300 firmware
canonical/cisco srw224p firmware
version/cisco srw224p firmware/2.0.2.4
canonical/cisco wet200
version/cisco wet200/2.0.8.0
canonical/cisco wet200 firmware
canonical/cisco wap2000 firmware
version/cisco wap2000 firmware/2.0.8.0
canonical/cisco wap4400n
version/cisco wap4400n/-
canonical/linksys wap4400n
canonical/cisco rv120w firmware
version/cisco rv120w firmware/1.0.5.9
canonical/cisco rv180 firmware
version/cisco rv180 firmware/1.0.5.4
canonical/cisco rv180w vpn router
canonical/cisco rv315w
version/cisco rv315w/1.01.03
canonical/cisco rv315w firmware
canonical/cisco srp520-u firmware
version/cisco srp520-u firmware/1.01.29
canonical/cisco srp520 firmware
canonical/cisco small business srp520-u series firmware
version/cisco small business srp520-u series firmware/1.2.6
canonical/cisco wrp500 firmware
version/cisco wrp500 firmware/1.0.1.002
canonical/cisco spa400 firmware
version/cisco spa400 firmware/1.1.2.2
canonical/cisco rtp300
version/cisco rtp300/3.1.24
canonical/cisco rtp300 firmware
canonical/cisco rv220w
version/cisco rv220w/1.0.4.17