CVE-2015-6316
Severity Score
6.5
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
La configuración por defecto de sshd_config en Cisco Mobility Services Engine (MSE) hasta la versión 8.0.120.7 permite inicios de sesión mediante la cuenta de oracle, lo que hace que sea más fácil para atacantes remotos obtener acceso mediante la introducción de la contraseña codificada de esta cuenta en una sesión SSH, también conocido como Bug ID CSCuv40501.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2015-08-17 CVE Reserved
- 2015-11-06 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/77432 | Third Party Advisory | |
| http://www.securitytracker.com/id/1034065 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred | 2017-01-06 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 5.1_base Search vendor "Cisco" for product "Mobility Services Engine" and version "5.1_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 5.2_base Search vendor "Cisco" for product "Mobility Services Engine" and version "5.2_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 6.0_base Search vendor "Cisco" for product "Mobility Services Engine" and version "6.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.0_base Search vendor "Cisco" for product "Mobility Services Engine" and version "7.0_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.4.100.0 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.4.100.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.4.110.0 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.4.110.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.4.121.0 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.4.121.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.4_base Search vendor "Cisco" for product "Mobility Services Engine" and version "7.4_base" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.5.102.101 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.5.102.101" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.6.100.0 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.6.100.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.6.120.0 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.6.120.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 7.6.132.0 Search vendor "Cisco" for product "Mobility Services Engine" and version "7.6.132.0" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 8.0\(110.0\) Search vendor "Cisco" for product "Mobility Services Engine" and version "8.0\(110.0\)" | - |
Affected
| ||||||
| Cisco Search vendor "Cisco" | Mobility Services Engine Search vendor "Cisco" for product "Mobility Services Engine" | 8.0_base Search vendor "Cisco" for product "Mobility Services Engine" and version "8.0_base" | - |
Affected
| ||||||