ID

VAR-201509-0007


CVE

CVE-2015-6280


TITLE

Vulnerability in the SSHv2 functionality of Cisco IOS and IOS XE that allows obtaining login access

Trust: 0.8

sources: JVNDB: JVNDB-2015-004952

DESCRIPTION

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013. Cisco IOS (Internetwork Operating System) is the operating system used on most Cisco Systems routers and network switches. A remote attacker could exploit this vulnerability to bypass the user authentication mechanism. This may lead to further attacks.

Trust: 2.52

sources: NVD: CVE-2015-6280 // JVNDB: JVNDB-2015-004952 // CNVD: CNVD-2015-06343 // BID: 76826 // VULHUB: VHN-84241

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-06343

AFFECTED PRODUCTS

vendor: cisco | model: ios | scope: eq | version: 15.4(2)cg

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.2(2)e1

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.4(1)cg1

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.4(1)s1

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.5(1)t

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.4(2)s1

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.2(3)e

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.4(1)s2

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s

Trust: 1.6

vendor: cisco | model: ios | scope: eq | version: 15.4(1)t

Trust: 1.6

vendor: cisco | model: ios 15.2 e | scope: - | version: -

Trust: 1.2

vendor: cisco | model: ios | scope: eq | version: 15.4(2)s

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(2)t1

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.13s.1

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.6e.0b

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.11s.2

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(2a)e1

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.13s.2

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(3)m1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)m3

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(1)t2

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(3)m2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.5

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.5(1)s

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.3

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.13s.0

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.12s.0

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.11s.1

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.6e.1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(1)sy

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)m4

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s4

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.0a

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.01

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.11s.3

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(1)s3

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(2)e2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.12s.1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(3)ea

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.6e.0

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.0

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.6e.2

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(3)m

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(3a)e

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(2)s2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.11s.0

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(2a)e2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.6e.0a

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(2)ea1

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.7e.0

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(3)s2

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(2)t

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(1)t1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(2)t2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.14s.0

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(1)s

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s1

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)m2

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.6e.2a

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(1)sy0a

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(1)cg

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(3)s

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s1a

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)m1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.2(2)e

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.12s.2

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s3

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)m5

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(3)s1

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.3(3)s5

Trust: 1.0

vendor: cisco | model: ios xe | scope: eq | version: 3.10s.4

Trust: 1.0

vendor: cisco | model: ios | scope: eq | version: 15.4(1)t3

Trust: 1.0

vendor: cisco | model: ios 15.4 s1 | scope: - | version: -

Trust: 0.9

vendor: cisco | model: ios xe | scope: eq | version: 3.10.6s

Trust: 0.8

vendor: cisco | model: ios xe | scope: eq | version: 3.6.3e

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.14s

Trust: 0.8

vendor: cisco | model: ios xe | scope: eq | version: 3.13.3s

Trust: 0.8

vendor: cisco | model: ios | scope: eq | version: 15.2

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.11s

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.13s

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.12s

Trust: 0.8

vendor: cisco | model: ios xe | scope: eq | version: 3.14.1s

Trust: 0.8

vendor: cisco | model: ios xe | scope: eq | version: 3.11.4s

Trust: 0.8

vendor: cisco | model: ios xe | scope: eq | version: 3.12.3s

Trust: 0.8

vendor: cisco | model: ios | scope: eq | version: 15.4

Trust: 0.8

vendor: cisco | model: ios | scope: eq | version: 15.5

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.6e

Trust: 0.8

vendor: cisco | model: ios | scope: eq | version: 15.3

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.7e

Trust: 0.8

vendor: cisco | model: ios xe | scope: lt | version: 3.10s

Trust: 0.8

vendor: cisco | model: ios xe | scope: eq | version: 3.7.1e

Trust: 0.8

vendor: cisco | model: ios xe | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 sn1 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 s | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 t2 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 t1 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 t | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 s2 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.4 cg | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.2 e2 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios 15.2 e1 | scope: - | version: -

Trust: 0.6

vendor: cisco | model: ios xe software 3.7e.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.6e.2a | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.6e.2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.6e.1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.6e.0a | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.6e.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.14s.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.13s.2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.13s.1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.12s.2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.12s.1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.12s.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.11s.3 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.5 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.4 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.3 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.0a | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.01 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.10s.0 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.5t | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.5sn | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.5s | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.5 t | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.5 sn | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.5 s | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4t | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4sn | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4s | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4m | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4cg | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 sn1a | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 s0e | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 s0d | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 m2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 m1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 t3 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 s3 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.4 cg1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3xb | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3s | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3m | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 xb12 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 s5 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 s4 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 s3 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 s2a | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 s2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 s | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 m5 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 m4 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 m3 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 m2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.3 m1 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.2sy | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.2e | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 15.2 sy0a | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.0sy | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios 12.0 sy18 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.11s.2 | scope: - | version: -

Trust: 0.3

vendor: cisco | model: ios xe software 3.11s.1 | scope: - | version: -

Trust: 0.3

sources: CNVD: CNVD-2015-06343 // BID: 76826 // JVNDB: JVNDB-2015-004952 // CNNVD: CNNVD-201509-556 // NVD: CVE-2015-6280

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6280
value: HIGH

Trust: 1.0

NVD: CVE-2015-6280
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-06343
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201509-556
value: CRITICAL

Trust: 0.6

VULHUB: VHN-84241
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6280
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-06343
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84241
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-06343 // VULHUB: VHN-84241 // JVNDB: JVNDB-2015-004952 // CNNVD: CNNVD-201509-556 // NVD: CVE-2015-6280

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.9

sources: VULHUB: VHN-84241 // JVNDB: JVNDB-2015-004952 // NVD: CVE-2015-6280

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201509-556

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201509-556

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004952

PATCH

title: cisco-sa-20150923-sshpk_cvrf | url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml

Trust: 0.8

title: cisco-sa-20150923-sshpk | url: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk

Trust: 0.8

title: 40938 | url: http://tools.cisco.com/security/center/viewAlert.x?alertId=40938

Trust: 0.8

title: cisco-sa-20150923-sshpk | url: http://www.cisco.com/cisco/web/support/JP/113/1135/1135335_cisco-sa-20150923-sshpk-j.html

Trust: 0.8

title: Cisco IOS/IOS XE SSHv2 Body Verification Bypass Vulnerability Patch | url: https://www.cnvd.org.cn/patchInfo/show/64808

Trust: 0.6

sources: CNVD: CNVD-2015-06343 // JVNDB: JVNDB-2015-004952

EXTERNAL IDS

db: NVD | id: CVE-2015-6280

Trust: 3.4

db: SECTRACK | id: 1033646

Trust: 1.1

db: JVNDB | id: JVNDB-2015-004952

Trust: 0.8

db: CNNVD | id: CNNVD-201509-556

Trust: 0.7

db: CNVD | id: CNVD-2015-06343

Trust: 0.6

db: BID | id: 76826

Trust: 0.4

db: VULHUB | id: VHN-84241

Trust: 0.1

sources: CNVD: CNVD-2015-06343 // VULHUB: VHN-84241 // BID: 76826 // JVNDB: JVNDB-2015-004952 // CNNVD: CNNVD-201509-556 // NVD: CVE-2015-6280

REFERENCES

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150923-sshpk

Trust: 2.6

url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml

Trust: 1.7

url:http://www.securitytracker.com/id/1033646

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6280

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6280

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://tools.cisco.com/security/center/viewalert.x?alertid=40938

Trust: 0.3

sources: CNVD: CNVD-2015-06343 // VULHUB: VHN-84241 // BID: 76826 // JVNDB: JVNDB-2015-004952 // CNNVD: CNNVD-201509-556 // NVD: CVE-2015-6280

CREDITS

Mathias Seiler from MiroNet AG.

Trust: 0.3

sources: BID: 76826

SOURCES

db: CNVD | id: CNVD-2015-06343
db: VULHUB | id: VHN-84241
db: BID | id: 76826
db: JVNDB | id: JVNDB-2015-004952
db: CNNVD | id: CNNVD-201509-556
db: NVD | id: CVE-2015-6280

LAST UPDATE DATE

2024-11-23T23:12:37.975000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2015-06343 | date: 2015-10-09T00:00:00
db: VULHUB | id: VHN-84241 | date: 2017-01-04T00:00:00
db: BID | id: 76826 | date: 2015-09-23T00:00:00
db: JVNDB | id: JVNDB-2015-004952 | date: 2015-09-30T00:00:00
db: CNNVD | id: CNNVD-201509-556 | date: 2015-09-29T00:00:00
db: NVD | id: CVE-2015-6280 | date: 2024-11-21T02:34:41.753

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2015-06343 | date: 2015-10-09T00:00:00
db: VULHUB | id: VHN-84241 | date: 2015-09-28T00:00:00
db: BID | id: 76826 | date: 2015-09-23T00:00:00
db: JVNDB | id: JVNDB-2015-004952 | date: 2015-09-30T00:00:00
db: CNNVD | id: CNNVD-201509-556 | date: 2015-09-29T00:00:00
db: NVD | id: CVE-2015-6280 | date: 2015-09-28T02:59:12.013