// For flags

CVE-2015-6397

 

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC configuration for the default account, which allows remote authenticated users to obtain root access via a login session with that account, aka Bug IDs CSCuv90139, CSCux58175, and CSCux73557.

Dispositivos Cisco RV110W, RV130W y RV215W tiene una configuración RBAC incorrecta para la cuenta por defecto, lo que permite a usuarios remotos autenticados obtener acceso root a través de un inicio de sesión con esa cuenta, también conocido como Bug IDs CSCuv90139, CSCux58175 y CSCux73557.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-08-17 CVE Reserved
  • 2016-08-08 CVE Published
  • 2023-03-07 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-287: Improper Authentication
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Cisco
Search vendor "Cisco"
Rv110w Wireless-n Vpn Firewall Firmware
Search vendor "Cisco" for product "Rv110w Wireless-n Vpn Firewall Firmware"
*-
Affected
in Cisco
Search vendor "Cisco"
Rv110w Wireless-n Vpn Firewall
Search vendor "Cisco" for product "Rv110w Wireless-n Vpn Firewall"
--
Safe
Cisco
Search vendor "Cisco"
Rv130w Wireless-n Multifunction Vpn Router Firmware
Search vendor "Cisco" for product "Rv130w Wireless-n Multifunction Vpn Router Firmware"
*-
Affected
in Cisco
Search vendor "Cisco"
Rv130w Wireless-n Multifunction Vpn Router
Search vendor "Cisco" for product "Rv130w Wireless-n Multifunction Vpn Router"
--
Safe
Cisco
Search vendor "Cisco"
Rv215w Wireless-n Vpn Router Firmware
Search vendor "Cisco" for product "Rv215w Wireless-n Vpn Router Firmware"
*-
Affected
in Cisco
Search vendor "Cisco"
Rv215w Wireless-n Vpn Router
Search vendor "Cisco" for product "Rv215w Wireless-n Vpn Router"
--
Safe