ID
VAR-201511-0003
CVE
CVE-2015-6316
TITLE
Cisco Mobility Services Engine sshd_config Trust Management Vulnerability
Trust: 1.2
sources:
CNVD: CNVD-2015-07468 //
CNNVD: CNNVD-201511-107
DESCRIPTION
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501. The platform collects, stores, and manages data from wireless clients, Cisco access points, and controllers. A security vulnerability exists in the default configuration of sshd_config in Cisco MSE 8.0.120.7 and earlier. Because the program allows login using the oracle account. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCuv40501
Trust: 2.52
sources:
NVD: CVE-2015-6316 //
JVNDB: JVNDB-2015-005769 //
CNVD: CNVD-2015-07468 //
BID: 77432 //
VULHUB: VHN-84277
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
sources:
CNVD: CNVD-2015-07468
AFFECTED PRODUCTS
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.4.110.0 | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.4.100.0 | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 5.1_base | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 8.0\(110.0\) | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.4_base | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 6.0_base | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 5.2_base | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.4.121.0 | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.0_base | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 8.0_base | Trust: 1.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.6.132.0 | Trust: 1.0 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.6.100.0 | Trust: 1.0 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.5.102.101 | Trust: 1.0 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.6.120.0 | Trust: 1.0 |
| vendor: | cisco | model: | mobility services engine | scope: | lte | version: | 8.0.120.7 | Trust: 0.8 |
| vendor: | cisco | model: | mobility services engine | scope: | lte | version: | <=8.0.120.7 | Trust: 0.6 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 8.0.120.7 | Trust: 0.3 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 8.0.120.1 | Trust: 0.3 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 8.0(110.0) | Trust: 0.3 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 7.0 | Trust: 0.3 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 10.2.0 | Trust: 0.3 |
| vendor: | cisco | model: | mobility services engine | scope: | eq | version: | 10.0 | Trust: 0.3 |
sources:
CNVD: CNVD-2015-07468 //
BID: 77432 //
JVNDB: JVNDB-2015-005769 //
CNNVD: CNNVD-201511-107 //
NVD: CVE-2015-6316
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
sources:
CNVD: CNVD-2015-07468 //
VULHUB: VHN-84277 //
JVNDB: JVNDB-2015-005769 //
CNNVD: CNNVD-201511-107 //
NVD: CVE-2015-6316
PROBLEMTYPE DATA
| problemtype: | CWE-255 | Trust: 1.9 |
sources:
VULHUB: VHN-84277 //
JVNDB: JVNDB-2015-005769 //
NVD: CVE-2015-6316
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-201511-107
TYPE
trust management
Trust: 0.6
sources:
CNNVD: CNNVD-201511-107
CONFIGURATIONS
sources:
JVNDB: JVNDB-2015-005769
PATCH
| title: | cisco-sa-20151104-mse-cred | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred | Trust: 0.8 |
| title: | Cisco Mobility Services Engine sshd_config Trust Management Vulnerability Patch | url: | https://www.cnvd.org.cn/patchInfo/show/66505 | Trust: 0.6 |
| title: | Cisco Mobility Services Engine sshd_config Repair measures for trust management vulnerabilities | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=58602 | Trust: 0.6 |
sources:
CNVD: CNVD-2015-07468 //
JVNDB: JVNDB-2015-005769 //
CNNVD: CNNVD-201511-107
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6316 | Trust: 3.4 |
| db: | BID | id: | 77432 | Trust: 1.4 |
| db: | SECTRACK | id: | 1034065 | Trust: 1.1 |
| db: | JVNDB | id: | JVNDB-2015-005769 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201511-107 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-07468 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-84277 | Trust: 0.1 |
sources:
CNVD: CNVD-2015-07468 //
VULHUB: VHN-84277 //
BID: 77432 //
JVNDB: JVNDB-2015-005769 //
CNNVD: CNNVD-201511-107 //
NVD: CVE-2015-6316
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151104-mse-cred | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/77432 | Trust: 1.1 |
| url: | http://www.securitytracker.com/id/1034065 | Trust: 1.1 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6316 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6316 | Trust: 0.8 |
| url: | http://www.cisco.com/ | Trust: 0.3 |
| url: | https://blogs.securiteam.com/index.php/archives/2928 | Trust: 0.3 |
sources:
CNVD: CNVD-2015-07468 //
VULHUB: VHN-84277 //
BID: 77432 //
JVNDB: JVNDB-2015-005769 //
CNNVD: CNNVD-201511-107 //
NVD: CVE-2015-6316
CREDITS
Cisco
Trust: 0.3
sources:
BID: 77432
SOURCES
| db: | CNVD | id: | CNVD-2015-07468 |
| db: | VULHUB | id: | VHN-84277 |
| db: | BID | id: | 77432 |
| db: | JVNDB | id: | JVNDB-2015-005769 |
| db: | CNNVD | id: | CNNVD-201511-107 |
| db: | NVD | id: | CVE-2015-6316 |
LAST UPDATE DATE
2024-11-23T23:05:37.914000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-07468 | date: | 2015-11-12T00:00:00 |
| db: | VULHUB | id: | VHN-84277 | date: | 2017-01-06T00:00:00 |
| db: | BID | id: | 77432 | date: | 2017-01-12T04:10:00 |
| db: | JVNDB | id: | JVNDB-2015-005769 | date: | 2015-11-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-107 | date: | 2015-11-09T00:00:00 |
| db: | NVD | id: | CVE-2015-6316 | date: | 2024-11-21T02:34:46.113 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-07468 | date: | 2015-11-12T00:00:00 |
| db: | VULHUB | id: | VHN-84277 | date: | 2015-11-06T00:00:00 |
| db: | BID | id: | 77432 | date: | 2015-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005769 | date: | 2015-11-09T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-107 | date: | 2015-11-09T00:00:00 |
| db: | NVD | id: | CVE-2015-6316 | date: | 2015-11-06T11:59:04.777 |