PT-2015-2196 · Cisco · Cisco IOS, Cisco IOS XE

Published: 2015-09-23 · Updated: 2017-01-04 · CVE-2015-6280

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

- Cisco IOS versions 15.2 through 15.5
- Cisco IOS XE versions 3.6E through 3.6.2E
- Cisco IOS XE versions 3.7E through 3.7.0E
- Cisco IOS XE versions 3.10S through 3.10.5S
- Cisco IOS XE versions 3.11S through 3.11.3S
- Cisco IOS XE versions 3.12S through 3.12.2S
- Cisco IOS XE versions 3.13S through 3.13.2S
- Cisco IOS XE versions 3.14S through 3.14.0S

Description

The SSHv2 functionality in Cisco IOS and IOS XE does not properly implement RSA authentication, allowing remote attackers to obtain login access by leveraging knowledge of a username and the associated public key. This vulnerability affects devices configured for the public key authentication method, also known as the RSA-based user authentication feature. To exploit this vulnerability, the attacker must know a valid username configured for Rivest, Shamir, and Adleman (RSA)-based user authentication and the public key configured for that user. Successful exploitation could allow the attacker to log in with the privileges of that user or the privileges configured for the Virtual Teletype (VTY) line, potentially obtaining administrative privileges on the system.

Recommendations

- For Cisco IOS versions 15.2 through 15.5, update to a fixed version.
- For Cisco IOS XE versions 3.6E through 3.6.2E, update to version 3.6.3E or later.
- For Cisco IOS XE versions 3.7E through 3.7.0E, update to version 3.7.1E or later.
- For Cisco IOS XE versions 3.10S through 3.10.5S, update to version 3.10.6S or later.
- For Cisco IOS XE versions 3.11S through 3.11.3S, update to version 3.11.4S or later.
- For Cisco IOS XE versions 3.12S through 3.12.2S, update to version 3.12.3S or later.
- For Cisco IOS XE versions 3.13S through 3.13.2S, update to version 3.13.3S or later.
- For Cisco IOS XE versions 3.14S through 3.14.0S, update to version 3.14.1S or later.

As a temporary workaround, consider disabling RSA-based user authentication to avoid exploitation.
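The affected ranges and fixed releases above can be turned into an inventory check. The following is an added example, not part of this advisory or of Cisco's tooling: the table is taken from the advisory, the function names and the zero-padded `show version` format ("03.10.05.S") it accepts are assumptions, and the sample output line is constructed.

```python
import re

# Affected IOS XE ranges and first fixed release, as listed in this advisory.
# Key: (train letter, minor version) -> (last affected patch level, fixed release).
# Versions without a patch level ("3.6E", "3.10S") are treated as patch 0.
IOS_XE_RANGES = {
    ("E", 6): (2, "3.6.3E"),
    ("E", 7): (0, "3.7.1E"),
    ("S", 10): (5, "3.10.6S"),
    ("S", 11): (3, "3.11.4S"),
    ("S", 12): (2, "3.12.3S"),
    ("S", 13): (2, "3.13.3S"),
    ("S", 14): (0, "3.14.1S"),
}

# Accepts "3.10.5S", "3.6E", "15.4(3)M3" and the zero-padded "03.10.05.S"
# form that IOS XE 3.x prints in `show version` (assumed display format).
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?\.?([A-Za-z]*)")

def parse_version(text):
    """Return (major, minor, patch, train) parsed from a version string."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, train = match.groups()
    return int(major), int(minor), int(patch or 0), train.upper()

def check_cve_2015_6280(version):
    """Return the advisory's remediation if `version` is listed as affected,
    otherwise None. Only the ranges stated in the advisory are matched."""
    major, minor, patch, train = parse_version(version)
    if major == 15 and 2 <= minor <= 5:              # Cisco IOS 15.2 .. 15.5
        return "Cisco IOS: update to a fixed version"
    if major == 3:                                   # Cisco IOS XE 3.x trains
        entry = IOS_XE_RANGES.get((train, minor))
        if entry is not None and patch <= entry[0]:
            return f"Cisco IOS XE: update to {entry[1]} or later"
    return None

def check_show_version(output):
    """Locate the 'Version X' field in `show version` output and check it."""
    match = re.search(r"Version\s+(\S+?)[,\s]", output)
    return check_cve_2015_6280(match.group(1)) if match else None

# Constructed sample `show version` header line (hypothetical inventory input).
SAMPLE_SHOW_VERSION = "Cisco IOS XE Software, Version 03.10.05.S, RELEASE SOFTWARE (fc1)"

if __name__ == "__main__":
    print(check_show_version(SAMPLE_SHOW_VERSION))
```

A version outside every listed range returns None, which means "not listed here", not "known safe".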

Weakness Enumeration

Improper Authentication

Related identifiers

BDU:2015-11542
CVE-2015-6280

Affected products

Cisco IOS
Cisco IOS XE