← Back

CVE-2015-6418

nvd nist
Published: Dec 13, 2015Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The random-number generator on Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07 does not have sufficient entropy, which makes it easier for remote attackers to determine a TLS key pair via unspecified computations upon handshake key-exchange data, aka Bug ID CSCus15224.

Affected (12)

Cisco
7 products
Sa520
Sa520w
Sa540
Rv016 Multi Wan Vpn Firmware
Rv042 Dual Wan Vpn Router Firmware
Rv042g Dual Gigabit Wan Vpn Firmware
Rv082 Dual Wan Vpn Router Firmware
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Sa520
Version 2.2.07
Sa520w
Version 2.2.07
Sa540
Version 2.2.07
Configuration B
9 vulnerable
Vulnerable SoftwareAffected Versions
Cisco
Rv016 Multi Wan Vpn Firmware
Version 4.0.0.7
Rv016 Multi Wan Vpn Firmware
Version 4.0.2.8
Rv016 Multi Wan Vpn Firmware
Version 4.0.5.0
Rv042 Dual Wan Vpn Router Firmware
Version 4.0.2.8
Cisco
Rv042g Dual Gigabit Wan Vpn Firmware
Version 4.0.0.7
Rv042g Dual Gigabit Wan Vpn Firmware
Version 4.2.2.7
Rv042g Dual Gigabit Wan Vpn Firmware
Version 4.2.2.8
Cisco
Rv082 Dual Wan Vpn Router Firmware
Version 4.0.0.7
Rv082 Dual Wan Vpn Router Firmware
Version 4.0.2.8

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

Source: psirt@cisco.com
Vendor Advisory
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: psirt@cisco.com
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.