Details of VAR-201506-0305

ID

VAR-201506-0305

CVE

CVE-2015-4217

TITLE

plural Cisco Vulnerability that breaks encryption protection mechanism in remote support function of security virtual appliance

Trust: 0.8

sources: JVNDB: JVNDB-2015-003284

DESCRIPTION

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601. SSH Since the host key is used, there is a vulnerability that can break the cryptographic protection mechanism. Vendors have confirmed this vulnerability Bug ID CSCus29681 , CSCuu95676 ,and CSCuu96601 It is released as.A third party may break the cryptographic protection mechanism by using the private key information obtained from other customer installations. Multiple Cisco products are prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates from the server. An attacker can exploit this issue to bypass security restrictions and perform unauthorized actions. This may aid in further attacks. This issue is being tracked by Cisco Bug ID's CSCus29681, CSCuu95676, and CSCuu96601. The following products are affected: Cisco WSAv, ESAv, SMAv

Trust: 2.52

sources: NVD: CVE-2015-4217 // JVNDB: JVNDB-2015-003284 // CNVD: CNVD-2015-04098 // BID: 75418 // VULHUB: VHN-82178

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2015-04098

AFFECTED PRODUCTS

vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.5.1	Trust: 1.9
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.0.5	Trust: 1.9
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	7.7.5	Trust: 1.9
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	8.5.7	Trust: 1.9
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	8.5.6	Trust: 1.9
vendor:	cisco	model:	content security management virtual appliance	scope:	eq	version:	9.0.0.087	Trust: 1.9
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.5.0	Trust: 1.6
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	9.0.0	Trust: 1.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.7.0	Trust: 1.6
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	8.0.0	Trust: 1.6
vendor:	cisco	model:	content security management virtual appliance	scope:	eq	version:	8.4.0.0150	Trust: 1.3
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.6.0	Trust: 1.0
vendor:	cisco	model:	e email security virtual appliance	scope:	lt	version:	2015.6.25 earlier	Trust: 0.8
vendor:	cisco	model:	web security virtual appliance	scope:	lt	version:	2015.6.25 earlier	Trust: 0.8
vendor:	cisco	model:	content security management virtual appliance	scope:	lt	version:	2015.6.25 earlier	Trust: 0.8
vendor:	cisco	model:	web security virtual appliance	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	email security virtual appliance	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	security management virtual appliance devices	scope:	lt	version:	2015-06-25	Trust: 0.6
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.7	Trust: 0.3
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	web security virtual appliance	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	9.1	Trust: 0.3
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	email security virtual appliance	scope:	eq	version:	8.0	Trust: 0.3

sources: CNVD: CNVD-2015-04098 // BID: 75418 // JVNDB: JVNDB-2015-003284 // CNNVD: CNNVD-201506-573 // NVD: CVE-2015-4217

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-4217
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-4217
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2015-04098
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201506-573
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-82178
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-4217
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2015-04098
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-82178
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: CNVD: CNVD-2015-04098 // VULHUB: VHN-82178 // JVNDB: JVNDB-2015-003284 // CNNVD: CNNVD-201506-573 // NVD: CVE-2015-4217

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-310	Trust: 1.9

sources: VULHUB: VHN-82178 // JVNDB: JVNDB-2015-003284 // NVD: CVE-2015-4217

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-573

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201506-573

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-003284

PATCH

title:	cisco-sa-20150625-ironport	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport	Trust: 0.8
title:	39461	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=39461	Trust: 0.8
title:	cisco-sa-20150625-ironport	url:	http://www.cisco.com/cisco/web/support/JP/113/1130/1130064_cisco-sa-20150625-ironport-j.html	Trust: 0.8
title:	Cisco Virtual WSA/ESA/SMA remote-support feature patch for default SSH host key vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/60162	Trust: 0.6

sources: CNVD: CNVD-2015-04098 // JVNDB: JVNDB-2015-003284

EXTERNAL IDS

db:	NVD	id:	CVE-2015-4217	Trust: 3.4
db:	BID	id:	75418	Trust: 1.4
db:	SECTRACK	id:	1032725	Trust: 1.1
db:	SECTRACK	id:	1032726	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-003284	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-573	Trust: 0.7
db:	CNVD	id:	CNVD-2015-04098	Trust: 0.6
db:	VULHUB	id:	VHN-82178	Trust: 0.1

sources: CNVD: CNVD-2015-04098 // VULHUB: VHN-82178 // BID: 75418 // JVNDB: JVNDB-2015-003284 // CNNVD: CNNVD-201506-573 // NVD: CVE-2015-4217

REFERENCES

url:	http://tools.cisco.com/security/center/viewalert.x?alertid=39461	Trust: 2.0
url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150625-ironport	Trust: 2.0
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4217	Trust: 1.4
url:	http://www.securityfocus.com/bid/75418	Trust: 1.1
url:	http://www.securitytracker.com/id/1032725	Trust: 1.1
url:	http://www.securitytracker.com/id/1032726	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4217	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2015-04098 // VULHUB: VHN-82178 // BID: 75418 // JVNDB: JVNDB-2015-003284 // CNNVD: CNNVD-201506-573 // NVD: CVE-2015-4217

CREDITS

Cisco

Trust: 0.3

sources: BID: 75418

SOURCES

db:	CNVD	id:	CNVD-2015-04098
db:	VULHUB	id:	VHN-82178
db:	BID	id:	75418
db:	JVNDB	id:	JVNDB-2015-003284
db:	CNNVD	id:	CNNVD-201506-573
db:	NVD	id:	CVE-2015-4217

LAST UPDATE DATE

2024-11-23T22:52:43.816000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2015-04098	date:	2015-06-30T00:00:00
db:	VULHUB	id:	VHN-82178	date:	2016-12-28T00:00:00
db:	BID	id:	75418	date:	2015-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-003284	date:	2015-07-06T00:00:00
db:	CNNVD	id:	CNNVD-201506-573	date:	2015-06-29T00:00:00
db:	NVD	id:	CVE-2015-4217	date:	2024-11-21T02:30:39.247

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2015-04098	date:	2015-06-30T00:00:00
db:	VULHUB	id:	VHN-82178	date:	2015-06-26T00:00:00
db:	BID	id:	75418	date:	2015-06-25T00:00:00
db:	JVNDB	id:	JVNDB-2015-003284	date:	2015-06-29T00:00:00
db:	CNNVD	id:	CNNVD-201506-573	date:	2015-06-29T00:00:00
db:	NVD	id:	CVE-2015-4217	date:	2015-06-26T10:59:04.343