Описание
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:o:cisco:sa520:2.2.07:*:*:*:*:*:*:*
cpe:2.3:o:cisco:sa520w:2.2.07:*:*:*:*:*:*:*
cpe:2.3:o:cisco:sa540:2.2.07:*:*:*:*:*:*:*
Конфигурация 2
Одно из
cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv042_dual_wan_vpn_router_firmware:4.0.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv082_dual_wan_vpn_router_firmware:4.0.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cisco:rv082_dual_wan_vpn_router_firmware:4.0.2.8:*:*:*:*:*:*:*
EPSS
Процентиль: 59%
0.00388
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
EPSS
Процентиль: 59%
0.00388
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-200