CVE-2015-4217

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

La característica de soporte remoto en los dispositivos Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), y Security Management Virtual Appliance (SMAv) anterior a 2015-06-25 utilice las mismas claves de anfitrión SSH por defecto en las instalaciones de clientes diferentes, lo que facilita a atacantes remotos superar los mecanismos de protección criptográfica mediante el aprovechamiento del conocimiento de una clave privada de otra instalación, también conocido como Bug IDs CSCus29681, CSCuu95676, y CSCuu96601.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2015-06-04 CVE Reserved
2015-06-26 CVE Published
2023-03-07 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-310: Cryptographic Issues

CAPEC

References (5)

URL	Tag	Source
http://www.securityfocus.com/bid/75418	Third Party Advisory
http://www.securitytracker.com/id/1032725	Third Party Advisory
http://www.securitytracker.com/id/1032726	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport	2016-12-28
http://tools.cisco.com/security/center/viewAlert.x?alertId=39461	2016-12-28

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Content Security Management Virtual Appliance Search vendor "Cisco" for product "Content Security Management Virtual Appliance"				8.4.0.0150 Search vendor "Cisco" for product "Content Security Management Virtual Appliance" and version "8.4.0.0150"		-		Affected
Cisco Search vendor "Cisco"		Content Security Management Virtual Appliance Search vendor "Cisco" for product "Content Security Management Virtual Appliance"				9.0.0.087 Search vendor "Cisco" for product "Content Security Management Virtual Appliance" and version "9.0.0.087"		-		Affected
Cisco Search vendor "Cisco"		Email Security Virtual Appliance Search vendor "Cisco" for product "Email Security Virtual Appliance"				8.0.0 Search vendor "Cisco" for product "Email Security Virtual Appliance" and version "8.0.0"		-		Affected
Cisco Search vendor "Cisco"		Email Security Virtual Appliance Search vendor "Cisco" for product "Email Security Virtual Appliance"				8.5.6 Search vendor "Cisco" for product "Email Security Virtual Appliance" and version "8.5.6"		-		Affected
Cisco Search vendor "Cisco"		Email Security Virtual Appliance Search vendor "Cisco" for product "Email Security Virtual Appliance"				8.5.7 Search vendor "Cisco" for product "Email Security Virtual Appliance" and version "8.5.7"		-		Affected
Cisco Search vendor "Cisco"		Email Security Virtual Appliance Search vendor "Cisco" for product "Email Security Virtual Appliance"				9.0.0 Search vendor "Cisco" for product "Email Security Virtual Appliance" and version "9.0.0"		-		Affected
Cisco Search vendor "Cisco"		Web Security Virtual Appliance Search vendor "Cisco" for product "Web Security Virtual Appliance"				7.7.5 Search vendor "Cisco" for product "Web Security Virtual Appliance" and version "7.7.5"		-		Affected
Cisco Search vendor "Cisco"		Web Security Virtual Appliance Search vendor "Cisco" for product "Web Security Virtual Appliance"				8.0.5 Search vendor "Cisco" for product "Web Security Virtual Appliance" and version "8.0.5"		-		Affected
Cisco Search vendor "Cisco"		Web Security Virtual Appliance Search vendor "Cisco" for product "Web Security Virtual Appliance"				8.5.0 Search vendor "Cisco" for product "Web Security Virtual Appliance" and version "8.5.0"		-		Affected
Cisco Search vendor "Cisco"		Web Security Virtual Appliance Search vendor "Cisco" for product "Web Security Virtual Appliance"				8.5.1 Search vendor "Cisco" for product "Web Security Virtual Appliance" and version "8.5.1"		-		Affected
Cisco Search vendor "Cisco"		Web Security Virtual Appliance Search vendor "Cisco" for product "Web Security Virtual Appliance"				8.6.0 Search vendor "Cisco" for product "Web Security Virtual Appliance" and version "8.6.0"		-		Affected
Cisco Search vendor "Cisco"		Web Security Virtual Appliance Search vendor "Cisco" for product "Web Security Virtual Appliance"				8.7.0 Search vendor "Cisco" for product "Web Security Virtual Appliance" and version "8.7.0"		-		Affected