Sign-up

ID

VAR-201601-0488


CVE

CVE-2015-6412


TITLE

Cisco Modular Encoding Platform D9036 Vulnerability for obtaining access rights in software

Trust: 0.8

sources: JVNDB: JVNDB-2015-006852

DESCRIPTION

Cisco Modular Encoding Platform D9036 Software before 02.04.70 has hardcoded (1) root and (2) guest passwords, which makes it easier for remote attackers to obtain access via an SSH session, aka Bug ID CSCut88070. Vendors have confirmed this vulnerability Bug ID CSCut88070 It is released as.By a third party SSH Access may be gained through a session. Remote attackers with knowledge of the default credentials may exploit this vulnerability to gain unauthorized access and perform unauthorized actions. This may aid in further attacks. This issue being tracked by Cisco Bug ID CSCut88070

Trust: 1.98

sources: NVD: CVE-2015-6412 // JVNDB: JVNDB-2015-006852 // BID: 81307 // VULHUB: VHN-84373

AFFECTED PRODUCTS

vendor:ciscomodel:modular encoding platform d9036 softwarescope:eqversion:02.00.80

Trust: 1.6

vendor:ciscomodel:modular encoding platform d9036 softwarescope:eqversion:02.02.30

Trust: 1.6

vendor:ciscomodel:modular encoding platform d9036 softwarescope:eqversion:02.03.30

Trust: 1.6

vendor:ciscomodel:modular encoding platform d9036 softwarescope:eqversion:02.01.50

Trust: 1.6

vendor:ciscomodel:modular encoding platform d9036scope: - version: -

Trust: 0.8

vendor:ciscomodel:modular encoding platform d9036 softwarescope:ltversion:02.04.70

Trust: 0.8

vendor:ciscomodel:d9036 modular encoding platformscope:eqversion:2.3.214

Trust: 0.3

vendor:ciscomodel:d9036 modular encoding platformscope:neversion:2.4.70

Trust: 0.3

sources: BID: 81307 // JVNDB: JVNDB-2015-006852 // CNNVD: CNNVD-201601-600 // NVD: CVE-2015-6412

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6412
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-6412
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201601-600
value: CRITICAL

Trust: 0.6

VULHUB: VHN-84373
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-6412
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84373
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-6412
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-84373 // JVNDB: JVNDB-2015-006852 // CNNVD: CNNVD-201601-600 // NVD: CVE-2015-6412

PROBLEMTYPE DATA

problemtype:CWE-255

Trust: 1.9

sources: VULHUB: VHN-84373 // JVNDB: JVNDB-2015-006852 // NVD: CVE-2015-6412

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-600

TYPE

trust management

Trust: 0.6

sources: CNNVD: CNNVD-201601-600

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006852

PATCH
title:cisco-sa-20160120-d9036url:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160120-d9036
Trust: 0.8
title:Cisco Modular Encoding Platform D9036 Software Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59918
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006852 // 
            
            
            
            CNNVD: CNNVD-201601-600

EXTERNAL IDS
db:NVDid:CVE-2015-6412
Trust: 2.8
db:JVNDBid:JVNDB-2015-006852
Trust: 0.8
db:CNNVDid:CNNVD-201601-600
Trust: 0.7
db:BIDid:81307
Trust: 0.4
db:VULHUBid:VHN-84373
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84373 // 
            
            
            
            BID: 81307 // 
            
            
            
            JVNDB: JVNDB-2015-006852 // 
            
            
            
            CNNVD: CNNVD-201601-600 // 
            
            
            
            NVD: CVE-2015-6412

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160120-d9036
Trust: 2.0
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6412
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6412
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84373 // 
            
            
            
            BID: 81307 // 
            
            
            
            JVNDB: JVNDB-2015-006852 // 
            
            
            
            CNNVD: CNNVD-201601-600 // 
            
            
            
            NVD: CVE-2015-6412

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 81307

SOURCES
db:VULHUBid:VHN-84373
db:BIDid:81307
db:JVNDBid:JVNDB-2015-006852
db:CNNVDid:CNNVD-201601-600
db:NVDid:CVE-2015-6412

LAST UPDATE DATE
2025-04-13T23:25:11.010000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84373date:2016-01-25T00:00:00
db:BIDid:81307date:2016-01-20T00:00:00
db:JVNDBid:JVNDB-2015-006852date:2016-01-27T00:00:00
db:CNNVDid:CNNVD-201601-600date:2016-01-25T00:00:00
db:NVDid:CVE-2015-6412date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84373date:2016-01-22T00:00:00
db:BIDid:81307date:2016-01-20T00:00:00
db:JVNDBid:JVNDB-2015-006852date:2016-01-27T00:00:00
db:CNNVDid:CNNVD-201601-600date:2016-01-25T00:00:00
db:NVDid:CVE-2015-6412date:2016-01-22T11:59:00.130