Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2015-4217

Опубликовано: 26 июн. 2015
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:cisco:content_security_management_virtual_appliance:8.4.0.0150:*:*:*:*:*:*:*
cpe:2.3:a:cisco:content_security_management_virtual_appliance:9.0.0.087:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_virtual_appliance:8.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_virtual_appliance:8.5.6:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_virtual_appliance:8.5.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:email_security_virtual_appliance:9.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_virtual_appliance:7.7.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_virtual_appliance:8.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_virtual_appliance:8.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_virtual_appliance:8.5.1:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_virtual_appliance:8.6.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:web_security_virtual_appliance:8.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 71%
0.00684
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

github логотип

GHSA-rwpv-8h6r-wrrr

github
больше 3 лет назад

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

EPSS

Процентиль: 71%
0.00684
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200