exploitDog

CVE-2015-7923

Опубликовано: 30 янв. 2016

Источник: nvd

CVSS3: 9

CVSS2: 9.3

EPSS Низкий

Описание

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

Ссылки

https://ics-cert.us-cert.gov/advisories/ICSA-16-028-01
Third Party Advisory
US Government Resource
https://ics-cert.us-cert.gov/advisories/ICSA-16-028-01
Third Party Advisory
US Government Resource

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:westermo:weos:4.18.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.00237

Низкий

9 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-310

Связанные уязвимости

GHSA-35hv-m5vp-r3wp

CVSS3: 9

github

больше 3 лет назад

Westermo WeOS before 4.19.0 uses the same SSL private key across different customers' installations, which makes it easier for man-in-the-middle attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a key.

EPSS

Процентиль: 47%

0.00237

Низкий

9 Critical

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-310