Medium severity5.9NVD Advisory· Published Oct 12, 2017· Updated Jun 17, 2026
CVE-2015-6358
CVE-2015-6358
Description
Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
25- cpe:2.3:o:cisco:pvc2300_firmware:*:*:*:*:*:*:*:*Range: <=1.1.2.6
- cpe:2.3:o:cisco:rv180w_firmware:*:*:*:*:*:*:*:*Range: <=1.0.5.4
- cpe:2.3:o:cisco:rvs4000_firmware:*:*:*:*:*:*:*:*Range: <=2.0.3.4
- cpe:2.3:o:cisco:srp520-u_firmware:*:*:*:*:*:*:*:*Range: <=1.2.6
- cpe:2.3:o:cisco:srw224p_firmware:*:*:*:*:*:*:*:*Range: <=2.0.2.4
- cpe:2.3:o:cisco:wap2000_firmware:*:*:*:*:*:*:*:*Range: <=2.0.8.0
- cpe:2.3:o:cisco:wrp500_firmware:*:*:*:*:*:*:*:*Range: <=1.0.1.002
- cpe:2.3:o:cisco:wrv200_firmware:1.0.39:*:*:*:*:*:*:*
- cpe:2.3:o:cisco:wrvs4400n_firmware:*:*:*:*:*:*:*:*Range: <=2.0.2.2
- cpe:2.3:o:cisco:wvc2300_firmware:*:*:*:*:*:*:*:*Range: <=1.1.2.6
Patches
Vulnerability mechanics
References
7- tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-cinvdIssue TrackingPatchVendor Advisory
- www.kb.cert.org/vuls/id/566724nvdThird Party AdvisoryUS Government Resource
- www.securityfocus.com/bid/78047nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034255nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034256nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034257nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1034258nvdThird Party AdvisoryVDB Entry
News mentions
0No linked articles in our index yet.