Vulnerability Details : CVE-2015-6316
The default configuration of sshd_config in Cisco Mobility Services Engine (MSE) through 8.0.120.7 allows logins by the oracle account, which makes it easier for remote attackers to obtain access by entering this account's hardcoded password in an SSH session, aka Bug ID CSCuv40501.
Exploit prediction scoring system (EPSS) score for CVE-2015-6316
Probability of exploitation activity in the next 30 days: 0.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2015-6316
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST |
CWE ids for CVE-2015-6316
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-6316
-
http://www.securityfocus.com/bid/77432
Cisco Mobility Services Engine CVE-2015-6316 Insecure Default Password VulnerabilityThird Party Advisory;VDB Entry
-
http://www.securitytracker.com/id/1034065
Cisco Mobility Services Engine Default Account and Credentials Lets Remote Users Access the Target System - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151104-mse-cred
Cisco Mobility Services Engine Static Credential VulnerabilityMitigation;Vendor Advisory
Products affected by CVE-2015-6316
- cpe:2.3:a:cisco:mobility_services_engine:5.1_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:8.0\(110.0\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.4.100.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.4.110.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.4.121.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.5.102.101:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:6.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.4_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.6.100.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.6.132.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:5.2_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.0_base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:7.6.120.0:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:mobility_services_engine:8.0_base:*:*:*:*:*:*:*