 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.147122 |
| Category: | SSL and TLS |
| Title: | SSL/TLS: Known Compromised Certificate Detection |
| Summary: | The remote SSL/TLS service is using an SSL/TLS certificate which; is known to be compromised (e.g. known private keys, used by malware, etc). |
| Description: | Summary: The remote SSL/TLS service is using an SSL/TLS certificate which is known to be compromised (e.g. known private keys, used by malware, etc). Vulnerability Impact: An attacker could use this for man-in-the-middle (MITM) attacks, accessing sensible data and other attacks. Affected Software/OS: A wide range of devices from vendors like Actiontec, Cisco, D-Link Systems, General Electric, Huawei Technologies, NetComm Wireless Limited, Sierra Wireless, Technicolor, Ubiquiti Networks, ZTE Corporation and ZyXEL are known to be affected. Solution: Replace the SSL/TLS certificate with a trusted/clean one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-6358 BugTraq ID: 78047 http://www.securityfocus.com/bid/78047 CERT/CC vulnerability note: VU#566724 http://www.kb.cert.org/vuls/id/566724 Cisco Security Advisory: 20151125 Multiple Cisco Products Confidential Information Decryption Man-in-the-Middle Vulnerability http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151125-ci http://www.securitytracker.com/id/1034255 http://www.securitytracker.com/id/1034256 http://www.securitytracker.com/id/1034257 http://www.securitytracker.com/id/1034258 Common Vulnerability Exposure (CVE) ID: CVE-2015-7255 https://github.com/sec-consult/houseofkeys/search?p=3&q=zte&type=&utf8=%E2%9C%93 https://www.kb.cert.org/vuls/id/BLUU-A2NQYR Common Vulnerability Exposure (CVE) ID: CVE-2015-7256 Common Vulnerability Exposure (CVE) ID: CVE-2015-7276 https://sec-consult.com/en/blog/2015/11/house-of-keys-industry-wide-https/ Common Vulnerability Exposure (CVE) ID: CVE-2015-8251 Common Vulnerability Exposure (CVE) ID: CVE-2015-8260 |
| Copyright | Copyright (C) 2021 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |