Sign-up

ID

VAR-201512-0393


CVE

CVE-2015-6418


TITLE

Cisco Small Business RV Router and SA500 Security Appliance In the random number generator running on TLS Vulnerabilities that identify key pairs

Trust: 0.8

sources: JVNDB: JVNDB-2015-006398

DESCRIPTION

The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224. Vendors have confirmed this vulnerability Bug ID CSCus15224 It is released as.Through unspecified calculations in the handshake of key exchange data by a third party, TLS Key pairs may be identified. The Cisco Small Business RV Series Routers provide virtual private network technology remotely. An attacker can exploit this issue to obtain sensitive information by conducting a man-in-the-middle attack. This may lead to other attacks. This issue is being tracked by following Cisco Bug IDs: CSCus15224 CSCus15238 CSCus15436 CSCus15440 CSCus15446 CSCus15451 CSCus15463

Trust: 2.61

sources: NVD: CVE-2015-6418 // JVNDB: JVNDB-2015-006398 // CNVD: CNVD-2015-08068 // BID: 78876 // VULHUB: VHN-84379 // VULMON: CVE-2015-6418

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-08068

AFFECTED PRODUCTS

vendor:ciscomodel:rv082 dual wan vpn routerscope:eqversion:4.0.2.8

Trust: 2.7

vendor:ciscomodel:rv082 dual wan vpn routerscope:eqversion:4.0.0.7

Trust: 2.1

vendor:ciscomodel:rv042 dual wan vpn routerscope:eqversion:4.0.2.8

Trust: 2.1

vendor:ciscomodel:rv016 multi-wan vpnscope:eqversion:4.0.5.0

Trust: 1.6

vendor:ciscomodel:rv042g dual gigabit wan vpnscope:eqversion:4.2.2.7

Trust: 1.6

vendor:ciscomodel:rv042g dual gigabit wan vpnscope:eqversion:4.2.2.8

Trust: 1.6

vendor:ciscomodel:rv016 multi-wan vpnscope:eqversion:4.0.2.8

Trust: 1.6

vendor:ciscomodel:sa520wscope:eqversion:2.2.07

Trust: 1.6

vendor:ciscomodel:sa540scope:eqversion:2.2.07

Trust: 1.6

vendor:ciscomodel:sa520scope:eqversion:2.2.07

Trust: 1.6

vendor:ciscomodel:rv042g dual gigabit wan vpnscope:eqversion:4.0.0.7

Trust: 1.6

vendor:ciscomodel:rv016 multi-wan vpnscope:eqversion:4.0.0.7

Trust: 1.6

vendor:ciscomodel:rv042g dual gigabit wan vpn routerscope:eqversion:4.2.2.8

Trust: 1.1

vendor:ciscomodel:rv042g dual gigabit wan vpn routerscope:eqversion:4.2.2.7

Trust: 1.1

vendor:ciscomodel:rv042g dual gigabit wan vpn routerscope:eqversion:4.2.1.2

Trust: 1.1

vendor:ciscomodel:rv016 multi-wan vpn routerscope:eqversion:4.0.5.0

Trust: 1.1

vendor:ciscomodel:rv016 multi-wan vpn routerscope:eqversion:4.0.2.8

Trust: 1.1

vendor:ciscomodel:rv016 multi-wan vpn routerscope:eqversion:4.0.0.7

Trust: 1.1

vendor:ciscomodel:sa520 security appliancescope:eqversion:2.2.07

Trust: 0.8

vendor:ciscomodel:sa520w security appliancescope:eqversion:2.2.07

Trust: 0.8

vendor:ciscomodel:sa540 security appliancescope:eqversion:2.2.07

Trust: 0.8

vendor:ciscomodel:small business rvscope:eqversion:4.x

Trust: 0.6

vendor:ciscomodel:sa540 security appliancescope:eqversion:2.2.7

Trust: 0.3

vendor:ciscomodel:sa520w security appliancescope:eqversion:2.2.7

Trust: 0.3

vendor:ciscomodel:sa520 security appliancescope:eqversion:2.2.7

Trust: 0.3

vendor:ciscomodel:rv082 dual wan vpn routerscope:eqversion:4.2.2.8

Trust: 0.3

sources: CNVD: CNVD-2015-08068 // BID: 78876 // JVNDB: JVNDB-2015-006398 // CNNVD: CNNVD-201512-401 // NVD: CVE-2015-6418

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6418
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6418
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2015-08068
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201512-401
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84379
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-6418
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6418
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2015-08068
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-84379
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-08068 // VULHUB: VHN-84379 // VULMON: CVE-2015-6418 // JVNDB: JVNDB-2015-006398 // CNNVD: CNNVD-201512-401 // NVD: CVE-2015-6418

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-84379 // JVNDB: JVNDB-2015-006398 // NVD: CVE-2015-6418

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-401

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201512-401

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006398

PATCH
title:cisco-sa-20151210-dwvrurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr
Trust: 0.8
title:Patch for Cisco Small Business RV Router Information Disclosure Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/68148
Trust: 0.6
title:Cisco Small Business RV Series Routers  and SA500 Series Security Appliances Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59216
Trust: 0.6
title:Cisco: Cisco Small Business RV Series and SA500 Series Dual WAN VPN Router Generated Key Pair Information Disclosure Vulnerabilityurl:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20151210-dwvr
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08068 // 
            
            
            
            VULMON: CVE-2015-6418 // 
            
            
            
            JVNDB: JVNDB-2015-006398 // 
            
            
            
            CNNVD: CNNVD-201512-401

EXTERNAL IDS
db:NVDid:CVE-2015-6418
Trust: 3.5
db:BIDid:78876
Trust: 2.1
db:SECTRACKid:1034409
Trust: 1.2
db:SECTRACKid:1034408
Trust: 1.2
db:JVNDBid:JVNDB-2015-006398
Trust: 0.8
db:CNNVDid:CNNVD-201512-401
Trust: 0.7
db:CNVDid:CNVD-2015-08068
Trust: 0.6
db:VULHUBid:VHN-84379
Trust: 0.1
db:VULMONid:CVE-2015-6418
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08068 // 
            
            
            
            VULHUB: VHN-84379 // 
            
            
            
            VULMON: CVE-2015-6418 // 
            
            
            
            BID: 78876 // 
            
            
            
            JVNDB: JVNDB-2015-006398 // 
            
            
            
            CNNVD: CNNVD-201512-401 // 
            
            
            
            NVD: CVE-2015-6418

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151210-dwvr
Trust: 2.8
url:http://www.securityfocus.com/bid/78876
Trust: 1.3
url:http://www.securitytracker.com/id/1034408
Trust: 1.2
url:http://www.securitytracker.com/id/1034409
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6418
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6418
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/200.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-08068 // 
            
            
            
            VULHUB: VHN-84379 // 
            
            
            
            VULMON: CVE-2015-6418 // 
            
            
            
            BID: 78876 // 
            
            
            
            JVNDB: JVNDB-2015-006398 // 
            
            
            
            CNNVD: CNNVD-201512-401 // 
            
            
            
            NVD: CVE-2015-6418

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 78876

SOURCES
db:CNVDid:CNVD-2015-08068
db:VULHUBid:VHN-84379
db:VULMONid:CVE-2015-6418
db:BIDid:78876
db:JVNDBid:JVNDB-2015-006398
db:CNNVDid:CNNVD-201512-401
db:NVDid:CVE-2015-6418

LAST UPDATE DATE
2024-11-23T22:13:21.709000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-08068date:2015-12-14T00:00:00
db:VULHUBid:VHN-84379date:2016-12-07T00:00:00
db:VULMONid:CVE-2015-6418date:2016-12-07T00:00:00
db:BIDid:78876date:2015-12-10T00:00:00
db:JVNDBid:JVNDB-2015-006398date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-401date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6418date:2024-11-21T02:34:57.660

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-08068date:2015-12-11T00:00:00
db:VULHUBid:VHN-84379date:2015-12-13T00:00:00
db:VULMONid:CVE-2015-6418date:2015-12-13T00:00:00
db:BIDid:78876date:2015-12-10T00:00:00
db:JVNDBid:JVNDB-2015-006398date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-401date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6418date:2015-12-13T03:59:09.477