Insufficient Entropy in Random Number Generator on Cisco Small Business RV Routers
CVE-2015-6418

Currently unrated

Key Information:

Vendor: Cisco
Status: Sa520; Sa540; Sa520w
Vendor: CVE Published:; 13 December 2015

Summary

A vulnerability exists in the random-number generator of Cisco Small Business RV routers 4.x and SA500 security appliances 2.2.07. This issue is due to insufficient entropy, allowing remote attackers to more easily predict and determine TLS key pairs during handshake key-exchange processes. This can lead to potentially serious security implications for the data being transmitted over TLS connections.

References

http://tools.cisco.com/security/center/content/CiscoSecur...

vendor-advisoryx_refsource_CISCO

http://www.securitytracker.com/id/1034408

vdb-entryx_refsource_SECTRACK

http://www.securitytracker.com/id/1034409

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Dec 13, 2015
Vulnerability Reserved
Aug 17, 2015