Vulnerabilites related to cisco - rvs4000
CVE-2011-1647 (GCVE-0-2011-1647)
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.877Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47985",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47985"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "47985",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47985"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1647",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47985",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47985"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1647",
"datePublished": "2011-05-31T20:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:37:24.877Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1645 (GCVE-0-2011-1645)
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.542Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "47988",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "47988",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1645",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "47988",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1645",
"datePublished": "2011-05-31T20:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:37:24.542Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-0659 (GCVE-0-2014-0659)
Vulnerability from cvelistv5
Published
2014-01-12 15:00
Modified
2024-08-06 09:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
References
| ► | URL | Tags | ||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:20:19.839Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "56292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/56292"
},
{
"name": "20140110 Undocumented Test Interface in Cisco Small Business Devices",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd"
},
{
"name": "cisco-small-cve20140659-priv-esc(90233)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233"
},
{
"name": "64776",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64776"
},
{
"name": "1029580",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029580"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381"
},
{
"name": "1029579",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1029579"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/elvanderb/TCP-32764"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-28T12:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "56292",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/56292"
},
{
"name": "20140110 Undocumented Test Interface in Cisco Small Business Devices",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd"
},
{
"name": "cisco-small-cve20140659-priv-esc(90233)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233"
},
{
"name": "64776",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64776"
},
{
"name": "1029580",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029580"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381"
},
{
"name": "1029579",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1029579"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/elvanderb/TCP-32764"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2014-0659",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "56292",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/56292"
},
{
"name": "20140110 Undocumented Test Interface in Cisco Small Business Devices",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd"
},
{
"name": "cisco-small-cve20140659-priv-esc(90233)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233"
},
{
"name": "64776",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64776"
},
{
"name": "1029580",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029580"
},
{
"name": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381",
"refsource": "CONFIRM",
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381"
},
{
"name": "1029579",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1029579"
},
{
"name": "https://github.com/elvanderb/TCP-32764",
"refsource": "MISC",
"url": "https://github.com/elvanderb/TCP-32764"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2014-0659",
"datePublished": "2014-01-12T15:00:00",
"dateReserved": "2014-01-02T00:00:00",
"dateUpdated": "2024-08-06T09:20:19.839Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1646 (GCVE-0-2011-1646)
Vulnerability from cvelistv5
Published
2011-05-31 20:00
Modified
2024-08-06 22:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:24.098Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-05-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-09-07T09:00:00",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1025565"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2011-1646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20110525 Cisco RVS4000 and WRVS4400N Web Management Interface Vulnerabilities",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"name": "1025565",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1025565"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2011-1646",
"datePublished": "2011-05-31T20:00:00",
"dateReserved": "2011-04-05T00:00:00",
"dateUpdated": "2024-08-06T22:37:24.098Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-0593 (GCVE-0-2010-0593)
Vulnerability from cvelistv5
Published
2010-04-22 14:00
Modified
2024-08-07 00:52
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T00:52:19.613Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"
},
{
"name": "1023906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1023906"
},
{
"name": "cisco-small-business-unauth-access(58034)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"
},
{
"name": "ADV-2010-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/0965"
},
{
"name": "63978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/63978"
},
{
"name": "39612",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/39612"
},
{
"name": "39510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/39510"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-04-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"
},
{
"name": "1023906",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1023906"
},
{
"name": "cisco-small-business-unauth-access(58034)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"
},
{
"name": "ADV-2010-0965",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/0965"
},
{
"name": "63978",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/63978"
},
{
"name": "39612",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/39612"
},
{
"name": "39510",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/39510"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2010-0593",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20100421 Cisco Small Business Video Surveillance Cameras and Cisco 4-Port Gigabit Security Routers Authentication Bypass Vulnerability",
"refsource": "CISCO",
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"
},
{
"name": "1023906",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1023906"
},
{
"name": "cisco-small-business-unauth-access(58034)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"
},
{
"name": "ADV-2010-0965",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/0965"
},
{
"name": "63978",
"refsource": "OSVDB",
"url": "http://osvdb.org/63978"
},
{
"name": "39612",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/39612"
},
{
"name": "39510",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/39510"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2010-0593",
"datePublished": "2010-04-22T14:00:00",
"dateReserved": "2010-02-10T00:00:00",
"dateUpdated": "2024-08-07T00:52:19.613Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-6358 (GCVE-0-2015-6358)
Vulnerability from cvelistv5
Published
2017-10-12 15:00
Modified
2024-08-06 07:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
References
| ► | URL | Tags | |||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T07:22:20.764Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-11-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-12T14:57:01",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "VU#566724",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1034256"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"ID": "CVE-2015-6358",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "VU#566724",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"name": "1034258",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034258"
},
{
"name": "78047",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/78047"
},
{
"name": "1034255",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034255"
},
{
"name": "20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability",
"refsource": "CISCO",
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"name": "1034257",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034257"
},
{
"name": "1034256",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1034256"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2015-6358",
"datePublished": "2017-10-12T15:00:00",
"dateReserved": "2015-08-17T00:00:00",
"dateUpdated": "2024-08-06T07:22:20.764Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000 | 1 | |
| cisco | rvs4000 | 2 | |
| cisco | rvs4000_software | 1.3.0.5 | |
| cisco | rvs4000_software | 1.3.1.0 | |
| cisco | rvs4000_software | 1.3.2.0 | |
| cisco | rvs4000_software | 2.0.0.3 | |
| cisco | wrvs4400n | 1.0 | |
| cisco | wrvs4400n | 1.1 | |
| cisco | wrvs4400n | 2 | |
| cisco | wrvs4400n_software | 1.3.0.5 | |
| cisco | wrvs4400n_software | 1.3.1.0 | |
| cisco | wrvs4400n_software | 1.3.2.0 | |
| cisco | wrvs4400n_software | 2.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEB65FB-54C5-4574-9208-F3E3EE823B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7E4042-1F62-4DF7-A624-2F492F792937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5363CFAF-439E-488C-9E97-BE04D80A4F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "096FB511-0E5D-46B6-827B-EAB242E015EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567C5658-57F0-4BBA-9849-9A77504102FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2596081A-DFA3-4006-9B7C-EE3A29ED0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4BF4B-0360-4A3B-8843-1D5E84CA948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01433D-F43E-4574-BC04-1F0C060BBFC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C11E2E-B910-45EC-A8FA-6BAAFFD26ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C754BA1B-7DEC-49F4-835F-1EDA9289E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0606AC-B349-411A-8D45-213A60FCFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CE7344-400B-4E2F-B9DF-C2B0BB74B080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB82F7E-A77E-400A-B894-3207026826C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871."
},
{
"lang": "es",
"value": "El interfaz de administraci\u00f3n web de Cisco RVS4000 Gigabit Security Router con software 1.x anteriores a 1.3.3.4 y 2.x anteriores a 2.0.2.7, y de WRVS4400N Gigabit Security Router con software anterior a la versi\u00f3n 2.0.2.1, permite a atacantes remotos autenticados ejecutar comandos de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro ping test o (2) el par\u00e1metro traceroute test. Tambi\u00e9n conocido como Bug ID CSCtn23871."
}
],
"id": "CVE-2011-1646",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-31T20:55:02.780",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025565"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000 | 1 | |
| cisco | rvs4000 | 2 | |
| cisco | rvs4000_software | 1.3.0.5 | |
| cisco | rvs4000_software | 1.3.1.0 | |
| cisco | rvs4000_software | 1.3.2.0 | |
| cisco | rvs4000_software | 2.0.0.3 | |
| cisco | wrvs4400n | 1.0 | |
| cisco | wrvs4400n | 1.1 | |
| cisco | wrvs4400n | 2 | |
| cisco | wrvs4400n_software | 1.3.0.5 | |
| cisco | wrvs4400n_software | 1.3.1.0 | |
| cisco | wrvs4400n_software | 1.3.2.0 | |
| cisco | wrvs4400n_software | 2.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEB65FB-54C5-4574-9208-F3E3EE823B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7E4042-1F62-4DF7-A624-2F492F792937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5363CFAF-439E-488C-9E97-BE04D80A4F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "096FB511-0E5D-46B6-827B-EAB242E015EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567C5658-57F0-4BBA-9849-9A77504102FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2596081A-DFA3-4006-9B7C-EE3A29ED0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4BF4B-0360-4A3B-8843-1D5E84CA948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01433D-F43E-4574-BC04-1F0C060BBFC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C11E2E-B910-45EC-A8FA-6BAAFFD26ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C754BA1B-7DEC-49F4-835F-1EDA9289E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0606AC-B349-411A-8D45-213A60FCFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CE7344-400B-4E2F-B9DF-C2B0BB74B080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB82F7E-A77E-400A-B894-3207026826C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the private key for the admin SSL certificate via unspecified vectors, aka Bug ID CSCtn23871."
},
{
"lang": "es",
"value": "El interfaz de administraci\u00f3n web de Cisco RVS4000 Gigabit Security Router con software 1.x anteriores a 1.3.3.4 y 2.x anteriores a 2.0.2.7, y de WRVS4400N Gigabit Security Router con software anterior a la versi\u00f3n 2.0.2.1 permite a atacantes remotos leer la clave privada del certificado SSL admin a trav\u00e9s de vectores sin especificar. Tambi\u00e9n conocido como Bug ID CSCtn23871."
}
],
"id": "CVE-2011-1647",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-31T20:55:02.827",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/47985"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025565"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-01-12 18:34
Modified
2025-04-11 00:51
Severity ?
Summary
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000_firmware | * | |
| cisco | rvs4000_firmware | 1.3.2.0 | |
| cisco | rvs4000_firmware | 1.3.3.5 | |
| cisco | rvs4000_firmware | 2.0.0.3 | |
| cisco | rvs4000_firmware | 2.0.2.7 | |
| cisco | rvs4000 | - | |
| cisco | wrvs4400n_firmware | 1.1.03 | |
| cisco | wrvs4400n_firmware | 1.1.13 | |
| cisco | wrvs4400n_firmware | 2.0.1.3 | |
| cisco | wrvs4400n_firmware | 2.0.2.1 | |
| cisco | wrvs4400n | - | |
| cisco | wap4410n_firmware | * | |
| cisco | wap4410n_firmware | 2.0.2.1 | |
| cisco | wap4410n_firmware | 2.0.3.3 | |
| cisco | wap4410n_firmware | 2.0.4.2 | |
| cisco | wap4410n | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "930991E4-6DDC-41FD-84AE-AB8C66919A6C",
"versionEndIncluding": "2.0.3.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D8FCC1E8-9363-406F-9A46-AEC7A7410C61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:1.3.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F33610B9-6D34-47B7-A4B3-03CA0573394C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B6A6F859-70C6-4FAC-899F-FD0547CC3C03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:2.0.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3F5B209A-8490-4B8D-B058-A1219DCF536B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30BCF7-FA1A-44B3-8C58-17DFA939E7C7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.03:*:*:*:*:*:*:*",
"matchCriteriaId": "85B35695-9316-4FF9-B5B5-77A11B89ABC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wrvs4400n_firmware:1.1.13:*:*:*:*:*:*:*",
"matchCriteriaId": "3BCAFAC5-CD3D-4329-B004-0E1983256FBF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D0FBF91E-A972-47A2-9B14-C20170CE9B59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wrvs4400n_firmware:2.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "77C2AC61-F086-41FE-8ABC-8D18C089AC28",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC842A29-7A55-4474-B5AD-A6813FE16A7D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "40ED8DCA-1EC7-4AE9-9004-B17212EFCF76",
"versionEndIncluding": "2.0.6.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wap4410n_firmware:2.0.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "98469AA4-E146-40F0-B540-C61918BCDE62",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wap4410n_firmware:2.0.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F0224CF2-BBAA-48A8-8B89-BBA50F12EF2C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:cisco:wap4410n_firmware:2.0.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74C59A02-869E-4527-AA44-84E8B71A9EBC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF89AC2-2A85-463C-A644-B3FA31A470FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests to the test interface on TCP port 32764, aka Bug IDs CSCum37566, CSCum43693, CSCum43700, and CSCum43685."
},
{
"lang": "es",
"value": "El punto de acceso Cisco WAP4410N con firmware hasta 2.0.6.1, router WRVS4400N con firmware 1.x hasta 1.1.13 y 2.x hasta 2.0.21, y router RVS4000 con firmware hasta 2.0.3.2 permite a atacantes remotos leer informaci\u00f3n de credenciales y configuraci\u00f3n, y ejecutar comandos de forma arbitraria, a trav\u00e9s de peticiones al interface test en el puerto TCP 32764, tambien conocido como Bug IDs CSCum37566, CSCum43693, CSCum43700, y CSCum43685."
}
],
"id": "CVE-2014-0659",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-01-12T18:34:55.957",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/56292"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd"
},
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64776"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029579"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029580"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233"
},
{
"source": "psirt@cisco.com",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/elvanderb/TCP-32764"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/56292"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140110-sbd"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=32381"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/64776"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1029580"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
],
"url": "https://github.com/elvanderb/TCP-32764"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2011-05-31 20:55
Modified
2025-04-11 00:51
Severity ?
Summary
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rvs4000 | 1 | |
| cisco | rvs4000 | 2 | |
| cisco | rvs4000_software | 1.3.0.5 | |
| cisco | rvs4000_software | 1.3.1.0 | |
| cisco | rvs4000_software | 1.3.2.0 | |
| cisco | rvs4000_software | 2.0.0.3 | |
| cisco | wrvs4400n | 1.0 | |
| cisco | wrvs4400n | 1.1 | |
| cisco | wrvs4400n | 2 | |
| cisco | wrvs4400n_software | 1.3.0.5 | |
| cisco | wrvs4400n_software | 1.3.1.0 | |
| cisco | wrvs4400n_software | 1.3.2.0 | |
| cisco | wrvs4400n_software | 2.0.0.3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDEB65FB-54C5-4574-9208-F3E3EE823B96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:2:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7E4042-1F62-4DF7-A624-2F492F792937",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5363CFAF-439E-488C-9E97-BE04D80A4F9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "096FB511-0E5D-46B6-827B-EAB242E015EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "567C5658-57F0-4BBA-9849-9A77504102FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:rvs4000_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2596081A-DFA3-4006-9B7C-EE3A29ED0341",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D9D4BF4B-0360-4A3B-8843-1D5E84CA948E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C01433D-F43E-4574-BC04-1F0C060BBFC4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:2:*:*:*:*:*:*:*",
"matchCriteriaId": "A3C11E2E-B910-45EC-A8FA-6BAAFFD26ED3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "C754BA1B-7DEC-49F4-835F-1EDA9289E19D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1A0606AC-B349-411A-8D45-213A60FCFD08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:1.3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CE7344-400B-4E2F-B9DF-C2B0BB74B080",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:cisco:wrvs4400n_software:2.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BEB82F7E-A77E-400A-B894-3207026826C9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871."
},
{
"lang": "es",
"value": "El interfaz de administraci\u00f3n web de Cisco RVS4000 Gigabit Security Router con software 1.x anteriores a 1.3.3.4 y 2.x anteriores a 2.0.2.7, y de WRVS4400N Gigabit Security Router con software anterior a la versi\u00f3n 2.0.2.1, permite a atacantes remotos leer el archivo de configuraci\u00f3n del backup, y por consiguiente ejecutar c\u00f3digo arbitrario, a trav\u00e9s de vectores sin especificar. Tambi\u00e9n conocido como Bug ID CSCtn23871."
}
],
"id": "CVE-2011-1645",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-05-31T20:55:02.750",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1025565"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b7f190.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/47988"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1025565"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-16"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2010-04-22 14:30
Modified
2025-04-11 00:51
Severity ?
Summary
The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:pvc2300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7261E300-E1FF-4BED-A769-4EF5160A19B8",
"versionEndIncluding": "1.1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wvc200:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E9949161-A6F8-4FCA-B0F9-B24F8902B796",
"versionEndIncluding": "1.1.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wvc200:1.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "75A3FA1B-7F80-4400-8384-FD00BC3AAFEC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wvc210:*:*:*:*:*:*:*:*",
"matchCriteriaId": "582D8387-3185-45AA-A833-DFEF7BF9B7BD",
"versionEndIncluding": "1.1.0.15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:wvc210:1.1.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "66012205-BEBC-4915-A116-7DB82430DBC0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wvc2300:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF1A282-36FF-4D15-A981-83B18977DE93",
"versionEndIncluding": "1.1.1.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7FF6DC-E1FF-4E6D-8A6C-098E07F5D898",
"versionEndIncluding": "1.3.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:cisco:rvs4000:1.3.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "10D53639-E058-474D-9E02-D0B602460A31",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, PVC2300 Business Internet Video Camera before 1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera before 1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera before 1.1.1.15, and WVC2300 Wireless-G Business Internet Video Camera before 1.1.2.6 do not properly restrict read access to passwords, which allows context-dependent attackers to obtain sensitive information, related to (1) access by remote authenticated users to a PVC2300 or WVC2300 via a crafted URL, (2) leveraging setup privileges on a WVC200 or WVC210, and (3) leveraging administrative privileges on an RVS4000, aka Bug ID CSCte64726."
},
{
"lang": "es",
"value": "Cisco RVS4000 4-port Gigabit Security Router en versiones anteriores a la v1.3.2.0, PVC2300 Business Internet Video Camera en versiones anteriores a la v1.1.2.6, WVC200 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, WVC210 Wireless-G PTZ Internet Video Camera en versiones anteriores a la v1.1.1.15, y WVC2300 Wireless-G Business Internet Video Camera en versiones anteriores a la v1.1.2.6 no restringen de manera apropiada el acceso de lectura a las contrase\u00f1as, lo que permite a atacantes dependiendo del contexto obtener informaci\u00f3n confidencial. Vulnerabilidad relacionada con (1) acceso de usuarios remotos autenticados a PVC2300 o WVC2300 a trav\u00e9s de una URL modificada, (2) habilitar privilegios de configuraci\u00f3n en un WVC200 o WVC210, y (3) habilitar privilegios de administraci\u00f3n en un RVS4000. Tambi\u00e9n conocido como Bug ID CSCte64726."
}
],
"id": "CVE-2010-0593",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2010-04-22T14:30:00.853",
"references": [
{
"source": "psirt@cisco.com",
"url": "http://osvdb.org/63978"
},
{
"source": "psirt@cisco.com",
"url": "http://secunia.com/advisories/39510"
},
{
"source": "psirt@cisco.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securityfocus.com/bid/39612"
},
{
"source": "psirt@cisco.com",
"url": "http://www.securitytracker.com/id?1023906"
},
{
"source": "psirt@cisco.com",
"url": "http://www.vupen.com/english/advisories/2010/0965"
},
{
"source": "psirt@cisco.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/63978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/39510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b27511.shtml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/39612"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1023906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2010/0965"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/58034"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2017-10-12 15:29
Modified
2025-04-20 01:37
Severity ?
Summary
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cisco | rv320_firmware | * | |
| cisco | rv320 | - | |
| cisco | rv325_firmware | * | |
| cisco | rv325 | - | |
| cisco | rvs4000_firmware | * | |
| cisco | rvs4000 | - | |
| cisco | wrv210_firmware | * | |
| cisco | wrv210 | - | |
| cisco | wap4410n_firmware | * | |
| cisco | wap4410n | - | |
| cisco | wrv200_firmware | 1.0.39 | |
| cisco | wrv200 | - | |
| cisco | wrvs4400n_firmware | * | |
| cisco | wrvs4400n | - | |
| cisco | wap200_firmware | * | |
| cisco | wap200 | - | |
| cisco | wvc2300_firmware | * | |
| cisco | wvc2300 | - | |
| cisco | pvc2300_firmware | * | |
| cisco | pvc2300 | - | |
| cisco | srw224p_firmware | * | |
| cisco | srw224p | - | |
| cisco | wet200_firmware | * | |
| cisco | wet200 | - | |
| cisco | wap2000_firmware | * | |
| cisco | wap2000 | - | |
| cisco | wap4400n_firmware | * | |
| cisco | wap4400n | - | |
| cisco | rv120w_firmware | * | |
| cisco | rv120w | - | |
| cisco | rv180_firmware | * | |
| cisco | rv180 | - | |
| cisco | rv180w_firmware | * | |
| cisco | rv180w | - | |
| cisco | rv315w_firmware | * | |
| cisco | rv315w | - | |
| cisco | srp520_firmware | * | |
| cisco | srp520 | - | |
| cisco | srp520-u_firmware | * | |
| cisco | srp520-u | - | |
| cisco | wrp500_firmware | * | |
| cisco | wrp500 | - | |
| cisco | spa400_firmware | * | |
| cisco | spa400 | - | |
| cisco | rtp300_firmware | * | |
| cisco | rtp300 | - | |
| cisco | rv220w_firmware | * | |
| cisco | rv220w | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv320_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F503CBF1-C2FB-40ED-8DA4-85F233EC4F8F",
"versionEndIncluding": "1.3.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv320:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7596F6D4-10DA-4F29-95AD-75B60F4670D6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv325_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EE1BC6E1-8A83-438F-AE33-3AAED7DF1CBE",
"versionEndIncluding": "1.3.1.10",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv325:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3435D601-EDA8-49FF-8841-EA6DF1518C75",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7881E4BC-6590-49C0-88C4-A21F2BE2B4FE",
"versionEndIncluding": "2.0.3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rvs4000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EC30BCF7-FA1A-44B3-8C58-17DFA939E7C7",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wrv210_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E9D1511-2B20-4013-9504-0FE9A9B5220C",
"versionEndIncluding": "2.0.1.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrv210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FA20862-B235-4230-8861-A59CF62CC65E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wap4410n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EB758D90-1888-42E3-9305-82F59D9C1891",
"versionEndIncluding": "2.0.7.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap4410n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF89AC2-2A85-463C-A644-B3FA31A470FA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "57B0AF22-058C-4273-8A3F-744692DFB77E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrv200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F73575BC-B0E8-49A5-8E68-4D9B3109029D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1A1D37CC-A650-496D-B66B-62F69EFFFCCC",
"versionEndIncluding": "2.0.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrvs4400n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC842A29-7A55-4474-B5AD-A6813FE16A7D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wap200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CBC035F1-83DE-47F1-BF2D-72FE32E926BC",
"versionEndIncluding": "2.0.6.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BD50A4C8-8E79-4D0B-8D23-88425EFE9234",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C6F6D758-4D48-4D16-B54C-08F924D8623C",
"versionEndIncluding": "1.1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wvc2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1122B4F-87D0-4030-9C4C-E811BBEAC51F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "24B3D0D5-BA35-44A7-A9AC-EFC38638424E",
"versionEndIncluding": "1.1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:pvc2300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35B259F8-E3F8-44D0-9EDB-BC686F239CF6",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "72473F9C-4AD6-47AE-9568-D7451EB8DD09",
"versionEndIncluding": "2.0.2.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:srw224p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8B559090-2CB3-41E6-B9C8-EB83FC7AFE54",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wet200_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C1B80159-909F-4B59-9DC6-34C1E508FCD1",
"versionEndIncluding": "2.0.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wet200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "565A92B8-DF55-4F7D-B312-E1870728F27A",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3751819E-FF92-4540-93D2-2D8F8427D826",
"versionEndIncluding": "2.0.8.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap2000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C4844B66-4D3A-4526-87A3-6C45B9360691",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wap4400n_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C17056F7-933C-45AD-8F75-64E4B9ADFB55",
"versionEndIncluding": "-",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wap4400n:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D47B755E-277A-4FF5-B005-C7F28B191D6B",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv120w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "34E8DF08-06D6-46EE-AE4A-8FA11D3E1FB9",
"versionEndIncluding": "1.0.5.9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv120w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "40465CA8-BE8B-4F15-8578-D8972C241D84",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv180_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A27C46AD-51E7-463F-A296-D4C6DF9B01F7",
"versionEndIncluding": "1.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv180:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A8BD67F3-98CE-4B03-8980-6791B753FDC9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BA690405-6AB8-4503-90AB-0B25F50F4776",
"versionEndIncluding": "1.0.5.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv180w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E3FBF6-4EB3-4C2F-AE0E-25F5765DD107",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv315w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EEDA17A-529D-455C-B608-DFCFEC4DD448",
"versionEndIncluding": "1.01.03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv315w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7B47D7-4D6B-43BF-BF1C-E89C781DDD14",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:srp520_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "857DB576-9674-42E1-B122-0ACCD696818F",
"versionEndIncluding": "1.01.29",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:srp520:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE62C2A-30E6-4E0F-AC84-1A75F5032D22",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F87C7EB8-4AF8-484E-B90F-B5E2C77D7679",
"versionEndIncluding": "1.2.6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:srp520-u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F4A12DCA-F804-4CC1-B1FE-EF4A182A9722",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "67487247-39A1-4EF9-A451-3A2585CC7D54",
"versionEndIncluding": "1.0.1.002",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:wrp500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78DAF22A-9A5A-4E55-AF0F-ED9969610411",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:spa400_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "26067A0B-6752-4008-A021-57A76AC84F26",
"versionEndIncluding": "1.1.2.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:spa400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A20F9B77-999F-4B2E-8894-6D6AED4A92CC",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rtp300_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "114E7DD2-5C5F-40A2-A795-FF75FACB4567",
"versionEndIncluding": "3.1.24",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rtp300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "78E72C11-E53D-4E29-802A-002F0229C158",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:rv220w_firmware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C9C4E5A6-88BB-4758-8222-369BAE95C14B",
"versionEndIncluding": "1.0.4.17",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:rv220w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8620DFD9-E280-464E-91FF-2E901EDD49C0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913."
},
{
"lang": "es",
"value": "M\u00faltiples dispositivos con software de Cisco incorporado utilizan certificados X.509 embebidos y claves de host SSH embebidas en el firmware, lo que permite que atacantes remotos superen los mecanismos de protecci\u00f3n criptogr\u00e1fica y realicen ataques Man-in-the-Middle (MitM) sabiendo de estos certificados y claves de otra instalaci\u00f3n. Esto tambi\u00e9n se conoce por los siguientes Bug ID: CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899 y CSCuw90913."
}
],
"id": "CVE-2015-6358",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-12T15:29:00.217",
"references": [
{
"source": "psirt@cisco.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034256"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"source": "psirt@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/566724"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/78047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034255"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1034258"
}
],
"sourceIdentifier": "psirt@cisco.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-295"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}