CVE-2015-6280

Name: CVE-2015-6280
Creator: NVD / NIST
Published: 2015-09-28T02:59:12.013+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 4.39%

Last modified Jun 17, 2026

CVE-2015-6280 is a vulnerability of currently unknown severity. The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.. EPSS estimates a 4.39% chance of exploitation in the next 30 days.

Description

The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.6.3E, 3.7E before 3.7.1E, 3.10S before 3.10.6S, 3.11S before 3.11.4S, 3.12S before 3.12.3S, 3.13S before 3.13.3S, and 3.14S before 3.14.1S does not properly implement RSA authentication, which allows remote attackers to obtain login access by leveraging knowledge of a username and the associated public key, aka Bug ID CSCus73013.

Metrics

EPSS Probability

4.39%

90.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-287

Affected Software

Vendor	Product	Versions
Cisco	Ios	15.2\(1\)sy
Cisco	Ios	15.2\(1\)sy0a
Cisco	Ios	15.2\(2\)e
Cisco	Ios	15.2\(2\)e1
Cisco	Ios	15.2\(2\)e2
Cisco	Ios	15.2\(2\)ea1
Cisco	Ios	15.2\(2a\)e1
Cisco	Ios	15.2\(2a\)e2
Cisco	Ios	15.2\(3\)e
Cisco	Ios	15.2\(3\)ea
Cisco	Ios	15.2\(3a\)e
Cisco	Ios	15.3\(3\)m1
Cisco	Ios	15.3\(3\)m2
Cisco	Ios	15.3\(3\)m3
Cisco	Ios	15.3\(3\)m4
Cisco	Ios	15.3\(3\)m5
Cisco	Ios	15.3\(3\)s
Cisco	Ios	15.3\(3\)s1
Cisco	Ios	15.3\(3\)s1a
Cisco	Ios	15.3\(3\)s2
Cisco	Ios	15.3\(3\)s3
Cisco	Ios	15.3\(3\)s4
Cisco	Ios	15.3\(3\)s5
Cisco	Ios	15.4\(1\)cg
Cisco	Ios	15.4\(1\)cg1
Cisco	Ios	15.4\(1\)s
Cisco	Ios	15.4\(1\)s1
Cisco	Ios	15.4\(1\)s2
Cisco	Ios	15.4\(1\)s3
Cisco	Ios	15.4\(1\)t
Cisco	Ios	15.4\(1\)t1
Cisco	Ios	15.4\(1\)t2
Cisco	Ios	15.4\(1\)t3
Cisco	Ios	15.4\(2\)cg
Cisco	Ios	15.4\(2\)s
Cisco	Ios	15.4\(2\)s1
Cisco	Ios	15.4\(2\)s2
Cisco	Ios	15.4\(2\)t
Cisco	Ios	15.4\(2\)t1
Cisco	Ios	15.4\(2\)t2
Cisco	Ios	15.4\(3\)m
Cisco	Ios	15.4\(3\)m1
Cisco	Ios	15.4\(3\)m2
Cisco	Ios	15.4\(3\)s
Cisco	Ios	15.4\(3\)s1
Cisco	Ios	15.4\(3\)s2
Cisco	Ios	15.5\(1\)s
Cisco	Ios	15.5\(1\)t
Cisco	Ios Xe	3.6e.0
Cisco	Ios Xe	3.6e.0a

Showing 50 of 74 affected configurations. See NVD for the full list.

References

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpkVendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xmlVendor Advisory
http://www.securitytracker.com/id/1033646Third Party Advisory, VDB Entry
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpkVendor Advisory
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150923-sshpk/cvrf/cisco-sa-20150923-sshpk_cvrf.xmlVendor Advisory
http://www.securitytracker.com/id/1033646Third Party Advisory, VDB Entry

Timeline

Published: Sep 28, 2015
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2015-6280?

How severe is CVE-2015-6280?

Severity scoring for CVE-2015-6280 is pending analysis. The EPSS model estimates a 4.39% probability of exploitation in the next 30 days.

How do I fix CVE-2015-6280?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2015-6280?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST