Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-6280

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.

Published

2015-09-28T02:59:12.013

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-287

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	cisco	ios	15.2\(1\)sy	Yes
Operating System	cisco	ios	15.2\(1\)sy0a	Yes
Operating System	cisco	ios	15.2\(2\)e	Yes
Operating System	cisco	ios	15.2\(2\)e1	Yes
Operating System	cisco	ios	15.2\(2\)e2	Yes
Operating System	cisco	ios	15.2\(2\)ea1	Yes
Operating System	cisco	ios	15.2\(2a\)e1	Yes
Operating System	cisco	ios	15.2\(2a\)e2	Yes
Operating System	cisco	ios	15.2\(3\)e	Yes
Operating System	cisco	ios	15.2\(3\)ea	Yes
Operating System	cisco	ios	15.2\(3a\)e	Yes
Operating System	cisco	ios	15.3\(3\)m1	Yes
Operating System	cisco	ios	15.3\(3\)m2	Yes
Operating System	cisco	ios	15.3\(3\)m3	Yes
Operating System	cisco	ios	15.3\(3\)m4	Yes
Operating System	cisco	ios	15.3\(3\)m5	Yes
Operating System	cisco	ios	15.3\(3\)s	Yes
Operating System	cisco	ios	15.3\(3\)s1	Yes
Operating System	cisco	ios	15.3\(3\)s1a	Yes
Operating System	cisco	ios	15.3\(3\)s2	Yes
Operating System	cisco	ios	15.3\(3\)s3	Yes
Operating System	cisco	ios	15.3\(3\)s4	Yes
Operating System	cisco	ios	15.3\(3\)s5	Yes
Operating System	cisco	ios	15.4\(1\)cg	Yes
Operating System	cisco	ios	15.4\(1\)cg1	Yes
Operating System	cisco	ios	15.4\(1\)s	Yes
Operating System	cisco	ios	15.4\(1\)s1	Yes
Operating System	cisco	ios	15.4\(1\)s2	Yes
Operating System	cisco	ios	15.4\(1\)s3	Yes
Operating System	cisco	ios	15.4\(1\)t	Yes
Operating System	cisco	ios	15.4\(1\)t1	Yes
Operating System	cisco	ios	15.4\(1\)t2	Yes
Operating System	cisco	ios	15.4\(1\)t3	Yes
Operating System	cisco	ios	15.4\(2\)cg	Yes
Operating System	cisco	ios	15.4\(2\)s	Yes
Operating System	cisco	ios	15.4\(2\)s1	Yes
Operating System	cisco	ios	15.4\(2\)s2	Yes
Operating System	cisco	ios	15.4\(2\)t	Yes
Operating System	cisco	ios	15.4\(2\)t1	Yes
Operating System	cisco	ios	15.4\(2\)t2	Yes
Operating System	cisco	ios	15.4\(3\)m	Yes
Operating System	cisco	ios	15.4\(3\)m1	Yes
Operating System	cisco	ios	15.4\(3\)m2	Yes
Operating System	cisco	ios	15.4\(3\)s	Yes
Operating System	cisco	ios	15.4\(3\)s1	Yes
Operating System	cisco	ios	15.4\(3\)s2	Yes
Operating System	cisco	ios	15.5\(1\)s	Yes
Operating System	cisco	ios	15.5\(1\)t	Yes
Operating System	cisco	ios_xe	3.6e.0	Yes
Operating System	cisco	ios_xe	3.6e.0a	Yes
Operating System	cisco	ios_xe	3.6e.0b	Yes
Operating System	cisco	ios_xe	3.6e.1	Yes
Operating System	cisco	ios_xe	3.6e.2	Yes
Operating System	cisco	ios_xe	3.6e.2a	Yes
Operating System	cisco	ios_xe	3.7e.0	Yes
Operating System	cisco	ios_xe	3.10s.0	Yes
Operating System	cisco	ios_xe	3.10s.0a	Yes
Operating System	cisco	ios_xe	3.10s.01	Yes
Operating System	cisco	ios_xe	3.10s.1	Yes
Operating System	cisco	ios_xe	3.10s.2	Yes
Operating System	cisco	ios_xe	3.10s.3	Yes
Operating System	cisco	ios_xe	3.10s.4	Yes
Operating System	cisco	ios_xe	3.10s.5	Yes
Operating System	cisco	ios_xe	3.11s.0	Yes
Operating System	cisco	ios_xe	3.11s.1	Yes
Operating System	cisco	ios_xe	3.11s.2	Yes
Operating System	cisco	ios_xe	3.11s.3	Yes
Operating System	cisco	ios_xe	3.12s.0	Yes
Operating System	cisco	ios_xe	3.12s.1	Yes
Operating System	cisco	ios_xe	3.12s.2	Yes
Operating System	cisco	ios_xe	3.13s.0	Yes
Operating System	cisco	ios_xe	3.13s.1	Yes
Operating System	cisco	ios_xe	3.13s.2	Yes
Operating System	cisco	ios_xe	3.14s.0	Yes

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk Vendor Advisory ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml Vendor Advisory ([email protected])
http://www.securitytracker.com/id/1033646 Third Party Advisory, VDB Entry ([email protected])
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xml Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1033646 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)