1. CVE-Search
  2. CVE-2015-6316
ID CVE-2015-6316
Summary The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
References
Vulnerable Configurations
  • cpe:2.3:a:cisco:mobility_services_engine:5.1_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:5.1_base:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:5.2_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:5.2_base:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:6.0_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:6.0_base:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.0_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.0_base:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.4_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.4_base:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.6.120.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.6.120.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:7.6.132.0:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:7.6.132.0:*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:8.0\(110.0\):*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:8.0\(110.0\):*:*:*:*:*:*:*
  • cpe:2.3:a:cisco:mobility_services_engine:8.0_base:*:*:*:*:*:*:*
    cpe:2.3:a:cisco:mobility_services_engine:8.0_base:*:*:*:*:*:*:*
CVSS
Base: 6.5 (as of 06-01-2017 - 16:53)
Impact:
Exploitability:
CWE CWE-255
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW SINGLE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:S/C:P/I:P/A:P
refmap via4
bid 77432
cisco 20151104 Cisco Mobility Services Engine Static Credential Vulnerability
sectrack 1034065
Last major update 06-01-2017 - 16:53
Published 06-11-2015 - 11:59
Last modified 06-01-2017 - 16:53
Back to Top