Miembros de
Boletines de Vulnerabilidades |
Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability |
|
Información sobre el sistema |
|
| Software afectado | Cisco |
Descripción |
|
|
A vulnerability in the cryptographic implementation of multiple Cisco products could allow an unauthenticated, remote attacker to make use of hard-coded certificate and keys embedded within the firmware of the affected device.The vulnerability is due to the lack of unique key and certificate generation within affected appliances. An attacker could exploit this vulnerability by using the static information to conduct man-in-the-middle attacks to decrypt confidential information on user More info: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Multiple%20Cisco%20Products%20Confidential%20Information%20Decryption%20Man-in- |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2015-6358. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-11-26 |