CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
70.6%
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | sa520 | 2.2.07 | cpe:2.3:o:cisco:sa520:2.2.07:*:*:*:*:*:*:* |
cisco | sa520w | 2.2.07 | cpe:2.3:o:cisco:sa520w:2.2.07:*:*:*:*:*:*:* |
cisco | sa540 | 2.2.07 | cpe:2.3:o:cisco:sa540:2.2.07:*:*:*:*:*:*:* |
cisco | rv016_multi-wan_vpn_firmware | 4.0.0.7 | cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:* |
cisco | rv016_multi-wan_vpn_firmware | 4.0.2.8 | cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.2.8:*:*:*:*:*:*:* |
cisco | rv016_multi-wan_vpn_firmware | 4.0.5.0 | cpe:2.3:a:cisco:rv016_multi-wan_vpn_firmware:4.0.5.0:*:*:*:*:*:*:* |
cisco | rv042_dual_wan_vpn_router_firmware | 4.0.2.8 | cpe:2.3:a:cisco:rv042_dual_wan_vpn_router_firmware:4.0.2.8:*:*:*:*:*:*:* |
cisco | rv042g_dual_gigabit_wan_vpn_firmware | 4.0.0.7 | cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.0.0.7:*:*:*:*:*:*:* |
cisco | rv042g_dual_gigabit_wan_vpn_firmware | 4.2.2.7 | cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.7:*:*:*:*:*:*:* |
cisco | rv042g_dual_gigabit_wan_vpn_firmware | 4.2.2.8 | cpe:2.3:a:cisco:rv042g_dual_gigabit_wan_vpn_firmware:4.2.2.8:*:*:*:*:*:*:* |