Vulnerability Description
The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | SA520 | 2.2.07 |
| Cisco | SA520W | 2.2.07 |
| Cisco | SA540 | 2.2.07 |
| Cisco | RV016 Multi-WAN VPN Firmware | 4.0.0.7 |
| Cisco | RV042 Dual WAN VPN Router Firmware | 4.0.2.8 |
| Cisco | RV042G Dual Gigabit WAN VPN Firmware | 4.0.0.7 |
| Cisco | RV082 Dual WAN VPN Router Firmware | 4.0.0.7 |
Related Weaknesses (CWE)
References
- http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20 (Vendor Advisory)
- http://www.securityfocus.com/bid/78876
- http://www.securitytracker.com/id/1034408
- http://www.securitytracker.com/id/1034409
FAQ
What is CVE-2015-6418?
CVE-2015-6418 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS ...
How severe is CVE-2015-6418?
CVE-2015-6418 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-6418?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco SA520, Cisco SA520W, Cisco SA540, Cisco RV016 Multi-WAN VPN Firmware, Cisco RV042 Dual WAN VPN Router Firmware.