Executive Summary

Informations
Name CVE-2015-4216 First vendor Publication 2015-06-26
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4216

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 4
Application 6

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-02 IAVM : 2015-A-0136 - Multiple Vulnerabilities in Multiple Cisco Security Appliances
Severity : Category I - VMSKEY : V0061051

Nessus® Vulnerability Scanner

Date Description
2015-07-02 Name : The remote security appliance is missing a vendor-supplied patch.
File : cisco_ironport_default_host_key.nasl - Type : ACT_GATHER_INFO
2015-07-02 Name : The remote host is missing a vendor-supplied security patch.
File : cisco_ironport_static_keys.nasl - Type : ACT_ATTACK

Sources (Detail)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa...
http://www.securityfocus.com/bid/75417
http://www.securitytracker.com/id/1032725
http://www.securitytracker.com/id/1032726
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
Date Informations
2024-11-28 12:47:42
  • Multiple Updates
2021-05-04 12:40:16
  • Multiple Updates
2021-04-22 01:49:11
  • Multiple Updates
2020-05-23 00:45:31
  • Multiple Updates
2016-12-28 21:23:43
  • Multiple Updates
2016-12-28 09:22:09
  • Multiple Updates
2016-12-07 21:24:39
  • Multiple Updates
2016-04-27 02:29:25
  • Multiple Updates
2015-10-18 17:25:03
  • Multiple Updates
2015-07-03 13:28:40
  • Multiple Updates
2015-07-02 00:27:07
  • Multiple Updates
2015-06-26 21:26:32
  • Multiple Updates
2015-06-26 17:29:11
  • First insertion