Executive Summary

Informations
Name CVE-2015-4217 First vendor Publication 2015-06-26
Vendor Cve Last vendor Modification 2016-12-28

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4217

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-310 Cryptographic Issues
50 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 4
Application 6

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-02 IAVM : 2015-A-0136 - Multiple Vulnerabilities in Multiple Cisco Security Appliances
Severity : Category I - VMSKEY : V0061051

Nessus® Vulnerability Scanner

Date Description
2015-07-02 Name : The remote security appliance is missing a vendor-supplied patch.
File : cisco_ironport_default_host_key.nasl - Type : ACT_GATHER_INFO
2015-07-02 Name : The remote host is missing a vendor-supplied security patch.
File : cisco_ironport_static_keys.nasl - Type : ACT_ATTACK

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/75418
CISCO http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
http://tools.cisco.com/security/center/viewAlert.x?alertId=39461
SECTRACK http://www.securitytracker.com/id/1032725
http://www.securitytracker.com/id/1032726

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2021-05-04 12:40:16
  • Multiple Updates
2021-04-22 01:49:11
  • Multiple Updates
2020-05-23 00:45:31
  • Multiple Updates
2016-12-28 21:23:43
  • Multiple Updates
2016-12-28 09:22:09
  • Multiple Updates
2016-12-07 21:24:39
  • Multiple Updates
2016-04-27 02:29:25
  • Multiple Updates
2015-10-18 17:25:03
  • Multiple Updates
2015-07-03 13:28:41
  • Multiple Updates
2015-07-02 00:27:08
  • Multiple Updates
2015-06-26 21:26:32
  • Multiple Updates
2015-06-26 17:29:11
  • First insertion