ID

VAR-201709-0051


CVE

CVE-2015-8251


TITLE

Embedded devices use non-unique X.509 certificates and SSH host keys

Trust: 0.8

sources: CERT/CC: VU#566724

DESCRIPTION

OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, 20E, 20 and 40 and OpenScape Desk Phone IP 35G SIP V3, OpenScape Desk Phone IP 35G Eco SIP V3, OpenStage 60 and OpenScape Desk Phone IP 55G HFA V3, OpenStage 15, 20E, 20, and 40 and OpenScape Desk Phone IP 35G HFA V3, and OpenScape Desk Phone IP 35G Eco HFA V3 use non-unique X.509 certificates and SSH host keys.

Many embedded devices use non-unique X.509 certificates and SSH host keys, which exposes them to spoofing and man-in-the-middle attacks and to decryption of communication contents. The underlying weakness is the use of a hard-coded cryptographic key (CWE-321). According to research by Stefan Viehböck of SEC Consult, many embedded devices that use non-unique X.509 certificates and SSH host keys are accessible from the Internet. A device that uses a certificate whose fingerprint matches a hard-coded key in a firmware image, or the data in scans.io, a repository of Internet-wide scan results (in particular the SSH results and the SSL certificates), can be determined to be vulnerable. Affected devices cover a wide range of products, from household routers and IP cameras to VoIP devices.

CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html
scans.io https://scans.io/
SSH results https://scans.io/series/ssh-rsa-full-ipv4
SSL certificates https://scans.io/study/sonar.ssl

In many vulnerable devices, certificate and key reuse is limited to a single product line of a specific developer, but there are several examples where multiple developers use the same certificate or key. In those cases the root cause is firmware developed using a common SDK, or the use of OEM device firmware provided by an ISP. Vulnerable devices may be subject to impersonation and man-in-the-middle attacks, or to decryption of communication contents.

An attacker may be able to obtain authentication information and other sensitive information and use it for further attacks. For the survey results and more information on systems affected by the certificate and SSH host key issues, see the SEC Consult blog post.

Certificates https://www.sec-consult.com/download/certificates.html
SSH host keys https://www.sec-consult.com/download/ssh_host_keys.html
SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

A remote attacker may carry out impersonation or man-in-the-middle attacks, or decrypt communication contents. As a result, confidential information may be leaked. Unify OpenStage 60 and the other products listed are all IP phones from Unify. A remote attacker could exploit the vulnerability to conduct a man-in-the-middle attack or decrypt communication between legitimate users and devices.

Trust: 2.97

sources: NVD: CVE-2015-8251 // CERT/CC: VU#566724 // JVNDB: JVNDB-2015-006907 // CNVD: CNVD-2017-33799 // VULHUB: VHN-86212

IOT TAXONOMY

category: ['Network device'] sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2017-33799

AFFECTED PRODUCTS

vendor: unify model: openscape desk phone ip 35g hfa scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openscape desk phone ip 55g sip scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openstage 60 scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openstage 20 scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openscape desk phone ip 35g eco sip scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openstage 40 scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openscape desk phone ip 55g hfa scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openstage 20e scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openscape desk phone ip 35g sip scope: eq version: 3.0

Trust: 1.6

vendor: unify model: openstage 15 scope: eq version: 3.0

Trust: 1.6

vendor: actiontec model: - scope: - version: -

Trust: 0.8

vendor: cisco model: - scope: - version: -

Trust: 0.8

vendor: d link model: - scope: - version: -

Trust: 0.8

vendor: general electric model: - scope: - version: -

Trust: 0.8

vendor: huawei model: - scope: - version: -

Trust: 0.8

vendor: netcomm model: - scope: - version: -

Trust: 0.8

vendor: sierra model: - scope: - version: -

Trust: 0.8

vendor: technicolor model: - scope: - version: -

Trust: 0.8

vendor: ubiquiti model: - scope: - version: -

Trust: 0.8

vendor: unify model: - scope: - version: -

Trust: 0.8

vendor: zte model: - scope: - version: -

Trust: 0.8

vendor: zyxel model: - scope: - version: -

Trust: 0.8

vendor: zyxel model: c1000z scope: - version: -

Trust: 0.8

vendor: zyxel model: fr1000z scope: - version: -

Trust: 0.8

vendor: zyxel model: gs1900-24 scope: - version: -

Trust: 0.8

vendor: zyxel model: gs1900-8 scope: - version: -

Trust: 0.8

vendor: zyxel model: nwa1100-n scope: - version: -

Trust: 0.8

vendor: zyxel model: nwa1100-nh scope: - version: -

Trust: 0.8

vendor: zyxel model: nwa1121-ni scope: - version: -

Trust: 0.8

vendor: zyxel model: nwa1123-ac scope: - version: -

Trust: 0.8

vendor: zyxel model: nwa1123-ni scope: - version: -

Trust: 0.8

vendor: zyxel model: p-660hn-51 scope: - version: -

Trust: 0.8

vendor: zyxel model: p-663hn-51 scope: - version: -

Trust: 0.8

vendor: zyxel model: p8702n scope: - version: -

Trust: 0.8

vendor: zyxel model: pmg5318-b20a scope: - version: -

Trust: 0.8

vendor: zyxel model: q1000 scope: - version: -

Trust: 0.8

vendor: zyxel model: sbg3300-n000 scope: - version: -

Trust: 0.8

vendor: zyxel model: sbg3300-nb00 scope: - version: -

Trust: 0.8

vendor: zyxel model: sbg3500-n000 scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg1312-b10a scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg1312-b30a scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg1312-b30b scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg4380-b10a scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg8324-b10a scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg8924-b10a scope: - version: -

Trust: 0.8

vendor: zyxel model: vmg8924-b30a scope: - version: -

Trust: 0.8

vendor: zyxel model: vsg1435-b101 scope: - version: -

Trust: 0.8

vendor: multiple vendors model: - scope: - version: -

Trust: 0.8

vendor: unify model: openstage scope: eq version: 60

Trust: 0.6

vendor: unify model: openscape desk phone ip 55g sip scope: eq version: v3

Trust: 0.6

vendor: unify model: openscape desk phone ip 35g sip scope: eq version: v3

Trust: 0.6

vendor: unify model: openstage scope: eq version: 40

Trust: 0.6

vendor: unify model: openstage scope: eq version: 20

Trust: 0.6

vendor: unify model: openstage 20e scope: - version: -

Trust: 0.6

vendor: unify model: openstage scope: eq version: 15

Trust: 0.6

vendor: unify model: openscape desk phone ip 55g hfa scope: eq version: v3

Trust: 0.6

vendor: unify model: openscape desk phone ip 35g hfa scope: eq version: v3

Trust: 0.6

vendor: unify model: openscape desk phone ip 35g eco hfa scope: eq version: v3

Trust: 0.6

sources: CERT/CC: VU#566724 // CNVD: CNVD-2017-33799 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201709-1157 // NVD: CVE-2015-8251

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-8251
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-8251
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2017-33799
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201709-1157
value: MEDIUM

Trust: 0.6

VULHUB: VHN-86212
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-8251
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2015-8251
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

CNVD: CNVD-2017-33799
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-86212
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-8251
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.0

Trust: 1.0

sources: CNVD: CNVD-2017-33799 // VULHUB: VHN-86212 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201709-1157 // NVD: CVE-2015-8251

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-86212 // NVD: CVE-2015-8251

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201709-1157

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201709-1157

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006907

PATCH

title: Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256) url: http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml

Trust: 0.8

sources: JVNDB: JVNDB-2015-006907

EXTERNAL IDS

db: CERT/CC id: VU#566724

Trust: 3.9

db: NVD id: CVE-2015-8251

Trust: 3.1

db: JVN id: JVNVU96100360

Trust: 0.8

db: JVNDB id: JVNDB-2015-006907

Trust: 0.8

db: CNNVD id: CNNVD-201709-1157

Trust: 0.7

db: CNVD id: CNVD-2017-33799

Trust: 0.6

db: BID id: 84118

Trust: 0.1

db: VULHUB id: VHN-86212

Trust: 0.1

sources: CERT/CC: VU#566724 // CNVD: CNVD-2017-33799 // VULHUB: VHN-86212 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201709-1157 // NVD: CVE-2015-8251

REFERENCES

url:http://www.kb.cert.org/vuls/id/566724

Trust: 3.1

url:https://networks.unify.com/security/advisories/obso-1511-02-a.pdf

Trust: 1.7

url:https://networks.unify.com/security/advisories/obso-1511-02.pdf

Trust: 1.7

url:https://www.kb.cert.org/vuls/id/bluu-a2ppze

Trust: 1.7

url:http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html

Trust: 1.6

url:http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html

Trust: 0.8

url:https://www.sec-consult.com/download/certificates.html

Trust: 0.8

url:https://www.sec-consult.com/download/ssh_host_keys.html

Trust: 0.8

url:https://scans.io/

Trust: 0.8

url:https://scans.io/series/ssh-rsa-full-ipv4

Trust: 0.8

url:https://scans.io/study/sonar.ssl

Trust: 0.8

url:https://censys.io

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251

Trust: 0.8

url:http://jvn.jp/vu/jvnvu96100360/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7256

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-6358

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7255

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-7276

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-8251

Trust: 0.8

sources: CERT/CC: VU#566724 // CNVD: CNVD-2017-33799 // VULHUB: VHN-86212 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201709-1157 // NVD: CVE-2015-8251

SOURCES

db: CERT/CC id: VU#566724
db: CNVD id: CNVD-2017-33799
db: VULHUB id: VHN-86212
db: JVNDB id: JVNDB-2015-006907
db: CNNVD id: CNNVD-201709-1157
db: NVD id: CVE-2015-8251

LAST UPDATE DATE

2024-11-23T22:25:43.534000+00:00


SOURCES UPDATE DATE

db: CERT/CC id: VU#566724 date: 2016-09-06T00:00:00
db: CNVD id: CNVD-2017-33799 date: 2017-11-14T00:00:00
db: VULHUB id: VHN-86212 date: 2017-10-11T00:00:00
db: JVNDB id: JVNDB-2015-006907 date: 2018-02-28T00:00:00
db: CNNVD id: CNNVD-201709-1157 date: 2017-11-10T00:00:00
db: NVD id: CVE-2015-8251 date: 2024-11-21T02:38:10.943

SOURCES RELEASE DATE

db: CERT/CC id: VU#566724 date: 2015-11-25T00:00:00
db: CNVD id: CNVD-2017-33799 date: 2017-11-14T00:00:00
db: VULHUB id: VHN-86212 date: 2017-09-25T00:00:00
db: JVNDB id: JVNDB-2015-006907 date: 2016-02-29T00:00:00
db: CNNVD id: CNNVD-201709-1157 date: 2017-09-25T00:00:00
db: NVD id: CVE-2015-8251 date: 2017-09-25T21:29:00.913