Sign-up

ID

VAR-201911-1540


CVE

CVE-2015-7276


TITLE

Embedded devices use non-unique X.509 certificates and SSH host keys

Trust: 0.8

sources: CERT/CC: VU#566724

DESCRIPTION

Technicolor C2000T and C2100T uses hard-coded cryptographic keys. Many embedded devices are not unique X.509 Certificate and SSH Spoofing and intermediary because host key is used (man-in-the-middle) There is a possibility of being attacked and attacks such as decryption of communication contents. The encryption key is hard-coded (CWE-321) SEC Consult of Stefan Viehböck According to the survey, many embedded devices are not unique X.509 Certificate and SSH It is said that it is accessible from the Internet using a host key. A hard-coded key in a firmware image or a repository stored by scanning the Internet scans.io ( In particular SSH And the result of SSL Certificate ) A device that uses a certificate whose fingerprint matches the data of can be determined to be vulnerable. Affected devices include household routers and IP From the camera VoIP Wide range of products. CWE-321: Use of Hard-coded Cryptographic Key http://cwe.mitre.org/data/definitions/321.html scans.io https://scans.io/ SSH Result of https://scans.io/series/ssh-rsa-full-ipv4 SSL Certificate https://scans.io/study/sonar.ssl In many vulnerable devices, certificate and key reuse is limited to a limited product line by a specific developer, but there are several examples where multiple developers use the same certificate or key. Or exist. These are common SDK Firmware developed using, or ISP Provided by OEM The root cause is the use of device firmware. Vulnerable equipment is impersonation and intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. Perhaps the attacker can obtain authentication information and other sensitive information and use it for further attacks. Survey results and certificates SSH For more information on systems affected by host key issues, see SEC Consult See the blog post. Certificate https://www.sec-consult.com/download/certificates.html SSH Host key https://www.sec-consult.com/download/ssh_host_keys.html SEC Consult http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.htmlA remote attacker impersonates a user or intermediary (man-in-the-middle) There is a possibility of being attacked or deciphering the communication contents. As a result, confidential information may be leaked

Trust: 2.34

sources: NVD: CVE-2015-7276 // CERT/CC: VU#566724 // JVNDB: JVNDB-2015-006907

AFFECTED PRODUCTS

vendor:technicolormodel:c2100tscope:eqversion: -

Trust: 2.2

vendor:technicolormodel:c2000tscope:eqversion: -

Trust: 2.2

vendor:actiontecmodel: - scope: - version: -

Trust: 0.8

vendor:ciscomodel: - scope: - version: -

Trust: 0.8

vendor:d linkmodel: - scope: - version: -

Trust: 0.8

vendor:general electricmodel: - scope: - version: -

Trust: 0.8

vendor:huaweimodel: - scope: - version: -

Trust: 0.8

vendor:netcommmodel: - scope: - version: -

Trust: 0.8

vendor:sierramodel: - scope: - version: -

Trust: 0.8

vendor:technicolormodel: - scope: - version: -

Trust: 0.8

vendor:ubiquitimodel: - scope: - version: -

Trust: 0.8

vendor:unifymodel: - scope: - version: -

Trust: 0.8

vendor:ztemodel: - scope: - version: -

Trust: 0.8

vendor:zyxelmodel: - scope: - version: -

Trust: 0.8

vendor:zyxelmodel:c1000zscope: - version: -

Trust: 0.8

vendor:zyxelmodel:fr1000zscope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-24scope: - version: -

Trust: 0.8

vendor:zyxelmodel:gs1900-8scope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1100-nscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1100-nhscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1121-niscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1123-acscope: - version: -

Trust: 0.8

vendor:zyxelmodel:nwa1123-niscope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-660hn-51scope: - version: -

Trust: 0.8

vendor:zyxelmodel:p-663hn-51scope: - version: -

Trust: 0.8

vendor:zyxelmodel:p8702nscope: - version: -

Trust: 0.8

vendor:zyxelmodel:pmg5318-b20ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:q1000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:sbg3300-n000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:sbg3300-nb00scope: - version: -

Trust: 0.8

vendor:zyxelmodel:sbg3500-n000scope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg1312-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg1312-b30ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg1312-b30bscope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg4380-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg8324-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg8924-b10ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vmg8924-b30ascope: - version: -

Trust: 0.8

vendor:zyxelmodel:vsg1435-b101scope: - version: -

Trust: 0.8

vendor:multiple vendorsmodel: - scope: - version: -

Trust: 0.8

sources: CERT/CC: VU#566724 // JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201911-301 // NVD: CVE-2015-7276

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7276
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-7276
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201911-301
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-7276
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: CVE-2015-7276
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2015-7276
baseSeverity: MEDIUM
baseScore: 5.9
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 2.2
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: JVNDB: JVNDB-2015-006907 // CNNVD: CNNVD-201911-301 // NVD: CVE-2015-7276

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.0

sources: NVD: CVE-2015-7276

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201911-301

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201911-301

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006907

PATCH
title:Zyxel to Fix SSH Private Key and Certificate Vulnerability (CVE-2015-7256)url:http://www.zyxel.com/support/announcement_SSH_private_key_and_certificate_vulnerability.shtml
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-006907

EXTERNAL IDS
db:CERT/CCid:VU#566724
Trust: 3.2
db:NVDid:CVE-2015-7276
Trust: 2.4
db:JVNid:JVNVU96100360
Trust: 0.8
db:JVNDBid:JVNDB-2015-006907
Trust: 0.8
db:CNNVDid:CNNVD-201911-301
Trust: 0.6
sources:
            
            
            CERT/CC: VU#566724 // 
            
            
            
            JVNDB: JVNDB-2015-006907 // 
            
            
            
            CNNVD: CNNVD-201911-301 // 
            
            
            
            NVD: CVE-2015-7276

REFERENCES
url:http://www.kb.cert.org/vuls/id/566724
Trust: 2.4
url:http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2015-7276
Trust: 1.4
url:https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/
Trust: 1.0
url:http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Trust: 0.8
url:https://www.sec-consult.com/download/certificates.html
Trust: 0.8
url:https://www.sec-consult.com/download/ssh_host_keys.html
Trust: 0.8
url:https://scans.io/
Trust: 0.8
url:https://scans.io/series/ssh-rsa-full-ipv4
Trust: 0.8
url:https://scans.io/study/sonar.ssl
Trust: 0.8
url:https://censys.io
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6358
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7255
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7256
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7276
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-8251
Trust: 0.8
url:http://jvn.jp/vu/jvnvu96100360/index.html
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7256
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-6358
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-7255
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-8251
Trust: 0.8
url:https/
Trust: 0.6
url:https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-
Trust: 0.6
sources:
            
            
            CERT/CC: VU#566724 // 
            
            
            
            JVNDB: JVNDB-2015-006907 // 
            
            
            
            CNNVD: CNNVD-201911-301 // 
            
            
            
            NVD: CVE-2015-7276

SOURCES
db:CERT/CCid:VU#566724
db:JVNDBid:JVNDB-2015-006907
db:CNNVDid:CNNVD-201911-301
db:NVDid:CVE-2015-7276

LAST UPDATE DATE
2024-11-23T22:25:43.507000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#566724date:2016-09-06T00:00:00
db:JVNDBid:JVNDB-2015-006907date:2018-02-28T00:00:00
db:CNNVDid:CNNVD-201911-301date:2019-11-12T00:00:00
db:NVDid:CVE-2015-7276date:2024-11-21T02:36:29.163

SOURCES RELEASE DATE
db:CERT/CCid:VU#566724date:2015-11-25T00:00:00
db:JVNDBid:JVNDB-2015-006907date:2016-02-29T00:00:00
db:CNNVDid:CNNVD-201911-301date:2019-11-06T00:00:00
db:NVDid:CVE-2015-7276date:2019-11-06T16:15:10.447