CVE-2015-7286 - OpenCVE

CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Csl Dualcom	Gprs Gprs Cs2300-r Firmware

Configuration 1 [-]

AND

OR	cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:::::::*
	cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:::::::*

cpe:2.3:h:csl_dualcom:gprs:cs2300-r:*:*:*:*:*:*:*

References

Link	Resource
http://cybergibbons.com/?p=2844	Exploit
http://www.kb.cert.org/vuls/id/428280	Third Party Advisory US Government Resource
http://www.kb.cert.org/vuls/id/BLUU-A3NQAL	Third Party Advisory US Government Resource

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: certcc

Published: 2015-11-25T02:00:00

Updated: 2015-11-25T04:57:04

Reserved: 2015-09-18T00:00:00

Link: CVE-2015-7286

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-11-25T04:59:03.527

Modified: 2015-11-27T19:36:40.477

Link: CVE-2015-7286

JSON object: View

Redhat Information

No data.

CWE

CWE-310

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-11-23T00:00:00", "descriptions": [{"lang": "en", "value": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2015-11-25T04:57:04", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"name": "VU#428280", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/428280"}, {"tags": ["x_refsource_MISC"], "url": "http://cybergibbons.com/?p=2844"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kb.cert.org/vuls/id/BLUU-A3NQAL"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2015-7286", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "VU#428280", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/428280"}, {"name": "http://cybergibbons.com/?p=2844", "refsource": "MISC", "url": "http://cybergibbons.com/?p=2844"}, {"name": "http://www.kb.cert.org/vuls/id/BLUU-A3NQAL", "refsource": "CONFIRM", "url": "http://www.kb.cert.org/vuls/id/BLUU-A3NQAL"}]}}}}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2015-7286", "datePublished": "2015-11-25T02:00:00", "dateReserved": "2015-09-18T00:00:00", "dateUpdated": "2015-11-25T04:57:04", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "2397CE4A-E81A-4AC3-B270-55B9C3B048EA", "vulnerable": true}, {"criteria": "cpe:2.3:o:csl_dualcom:gprs_cs2300-r_firmware:3.53:*:*:*:*:*:*:*", "matchCriteriaId": "81B16396-C7FC-41B5-B7F4-FEA34DC2D0A9", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:csl_dualcom:gprs:cs2300-r:*:*:*:*:*:*:*", "matchCriteriaId": "31C0CB19-FCF0-42D7-B206-B0DB2D92E3A2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely on a polyalphabetic substitution cipher with hardcoded keys, which makes it easier for remote attackers to defeat a cryptographic protection mechanism by capturing IP or V.22bis PSTN protocol traffic."}, {"lang": "es", "value": "Dispositivos CSL DualCom GPRS CS2300-R con firmware 1.25 hasta la versi\u00f3n 3.53 conf\u00edan en un cifrado de sustituci\u00f3n polialfab\u00e9tico con claves embebidas, lo que facilita a atacantes remotos superar un mecanismo de protecci\u00f3n criptogr\u00e1fico capturando la IP o el tr\u00e1fico del protocolo V.22bis PSTN."}], "id": "CVE-2015-7286", "lastModified": "2015-11-27T19:36:40.477", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-11-25T04:59:03.527", "references": [{"source": "cret@cert.org", "tags": ["Exploit"], "url": "http://cybergibbons.com/?p=2844"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/428280"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/BLUU-A3NQAL"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}