Medium severity5.9NVD Advisory· Published Oct 12, 2017· Updated May 13, 2026

CVE-2015-6358

Description

Multiple Cisco embedded devices use hardcoded X.509 certificates and SSH host keys embedded in the firmware, which allows remote attackers to defeat cryptographic protection mechanisms and conduct man-in-the-middle attacks by leveraging knowledge of these certificates and keys from another installation, aka Bug IDs CSCuw46610, CSCuw46620, CSCuw46637, CSCuw46654, CSCuw46665, CSCuw46672, CSCuw46677, CSCuw46682, CSCuw46705, CSCuw46716, CSCuw46979, CSCuw47005, CSCuw47028, CSCuw47040, CSCuw47048, CSCuw47061, CSCuw90860, CSCuw90869, CSCuw90875, CSCuw90881, CSCuw90899, and CSCuw90913.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-cinvdIssue TrackingPatchVendor Advisory
www.kb.cert.org/vuls/id/566724nvdThird Party AdvisoryUS Government Resource
www.securityfocus.com/bid/78047nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034255nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034256nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034257nvdThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1034258nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000