CVE-2015-6316

2015-11-0611:59:04

CWE-255

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

68.6%

JSON

The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account’s hardcoded password in an SSH session, aka Bug ID CSCuv40501.

Affected configurations

Nvd

Node

ciscomobility_services_engineMatch5.1_base

ciscomobility_services_engineMatch5.2_base

ciscomobility_services_engineMatch6.0_base

ciscomobility_services_engineMatch7.0_base

ciscomobility_services_engineMatch7.4.100.0

ciscomobility_services_engineMatch7.4.110.0

ciscomobility_services_engineMatch7.4.121.0

ciscomobility_services_engineMatch7.4_base

ciscomobility_services_engineMatch7.5.102.101

ciscomobility_services_engineMatch7.6.100.0

ciscomobility_services_engineMatch7.6.120.0

ciscomobility_services_engineMatch7.6.132.0

ciscomobility_services_engineMatch8.0\(110.0\)

ciscomobility_services_engineMatch8.0_base

VendorProductVersionCPE
ciscomobility_services_engine5.1_basecpe:2.3:a:cisco:mobility_services_engine:5.1_base:*:*:*:*:*:*:*
ciscomobility_services_engine5.2_basecpe:2.3:a:cisco:mobility_services_engine:5.2_base:*:*:*:*:*:*:*
ciscomobility_services_engine6.0_basecpe:2.3:a:cisco:mobility_services_engine:6.0_base:*:*:*:*:*:*:*
ciscomobility_services_engine7.0_basecpe:2.3:a:cisco:mobility_services_engine:7.0_base:*:*:*:*:*:*:*
ciscomobility_services_engine7.4.100.0cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:*:*:*:*:*:*:*
ciscomobility_services_engine7.4.110.0cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:*:*:*:*:*:*:*
ciscomobility_services_engine7.4.121.0cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:*:*:*:*:*:*:*
ciscomobility_services_engine7.4_basecpe:2.3:a:cisco:mobility_services_engine:7.4_base:*:*:*:*:*:*:*
ciscomobility_services_engine7.5.102.101cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:*:*:*:*:*:*:*
ciscomobility_services_engine7.6.100.0cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	mobility_services_engine	5.1_base	cpe:2.3:a:cisco:mobility_services_engine:5.1_base:::::::*
cisco	mobility_services_engine	5.2_base	cpe:2.3:a:cisco:mobility_services_engine:5.2_base:::::::*
cisco	mobility_services_engine	6.0_base	cpe:2.3:a:cisco:mobility_services_engine:6.0_base:::::::*
cisco	mobility_services_engine	7.0_base	cpe:2.3:a:cisco:mobility_services_engine:7.0_base:::::::*
cisco	mobility_services_engine	7.4.100.0	cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:::::::*
cisco	mobility_services_engine	7.4.110.0	cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:::::::*
cisco	mobility_services_engine	7.4.121.0	cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:::::::*
cisco	mobility_services_engine	7.4_base	cpe:2.3:a:cisco:mobility_services_engine:7.4_base:::::::*
cisco	mobility_services_engine	7.5.102.101	cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:::::::*
cisco	mobility_services_engine	7.6.100.0	cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:::::::*