Lucene search

CiscoCVE-2015-6418

HistoryDec 13, 2015 - 3:59 a.m.

CVE-2015-6418

2015-12-1303:59:09

CWE-200

cisco

web.nvd.nist.gov

cisco

small business

rv routers

sa500

security appliances

vulnerability

cve-2015-6418

nvd

tls

key pair

entropy

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.

Affected configurations

Nvd

Node

ciscosa520Match2.2.07

ciscosa520wMatch2.2.07

ciscosa540Match2.2.07

Node

ciscorv016_multi-wan_vpn_firmwareMatch4.0.0.7

ciscorv016_multi-wan_vpn_firmwareMatch4.0.2.8

ciscorv016_multi-wan_vpn_firmwareMatch4.0.5.0

ciscorv042_dual_wan_vpn_router_firmwareMatch4.0.2.8

ciscorv042g_dual_gigabit_wan_vpn_firmwareMatch4.0.0.7

ciscorv042g_dual_gigabit_wan_vpn_firmwareMatch4.2.2.7

ciscorv042g_dual_gigabit_wan_vpn_firmwareMatch4.2.2.8

ciscorv082_dual_wan_vpn_router_firmwareMatch4.0.0.7

ciscorv082_dual_wan_vpn_router_firmwareMatch4.0.2.8

VendorProductVersionCPE
ciscosa5202.2.07cpe:2.3:o:cisco:sa520:2.2.07:*:*:*:*:*:*:*
ciscosa520w2.2.07cpe:2.3:o:cisco:sa520w:2.2.07:*:*:*:*:*:*:*
ciscosa5402.2.07cpe:2.3:o:cisco:sa540:2.2.07:*:*:*:*:*:*:*
ciscorv016_multi-wan_vpn_firmware4.0.0.7cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:*
ciscorv016_multi-wan_vpn_firmware4.0.2.8cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.2.8:*:*:*:*:*:*:*
ciscorv016_multi-wan_vpn_firmware4.0.5.0cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.5.0:*:*:*:*:*:*:*
ciscorv042_dual_wan_vpn_router_firmware4.0.2.8cpe:2.3:a:cisco:rv042_dual_wan_vpn_router_firmware:4.0.2.8:*:*:*:*:*:*:*
ciscorv042g_dual_gigabit_wan_vpn_firmware4.0.0.7cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:*
ciscorv042g_dual_gigabit_wan_vpn_firmware4.2.2.7cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.7:*:*:*:*:*:*:*
ciscorv042g_dual_gigabit_wan_vpn_firmware4.2.2.8cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sa520	2.2.07	cpe:2.3:o:cisco:sa520:2.2.07:::::::*
cisco	sa520w	2.2.07	cpe:2.3:o:cisco:sa520w:2.2.07:::::::*
cisco	sa540	2.2.07	cpe:2.3:o:cisco:sa540:2.2.07:::::::*
cisco	rv016_multi-wan_vpn_firmware	4.0.0.7	cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.0.7:::::::*
cisco	rv016_multi-wan_vpn_firmware	4.0.2.8	cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.2.8:::::::*
cisco	rv016_multi-wan_vpn_firmware	4.0.5.0	cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.5.0:::::::*
cisco	rv042_dual_wan_vpn_router_firmware	4.0.2.8	cpe:2.3:a:cisco:rv042_dual_wan_vpn_router_firmware:4.0.2.8:::::::*
cisco	rv042g_dual_gigabit_wan_vpn_firmware	4.0.0.7	cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.0.0.7:::::::*
cisco	rv042g_dual_gigabit_wan_vpn_firmware	4.2.2.7	cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.7:::::::*
cisco	rv042g_dual_gigabit_wan_vpn_firmware	4.2.2.8	cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.8:::::::*

Rows per page:

1-10 of 121

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151210-dwvr

www.securityfocus.com/bid/78876

www.securitytracker.com/id/1034408

www.securitytracker.com/id/1034409

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.003

Percentile

70.6%

JSON

Related for CVE-2015-6418