{"vuid":"VU#566724","idnumber":"566724","name":"Embedded devices use non-unique X.509 certificates and SSH host keys","keywords":["ssl certificates","ssh private keys","key management errors"],"overview":"Embedded devices use non-unique X.509 certificates and SSH host keys that can be leveraged in impersonation, man-in-the-middle, or passive decryption attacks.","clean_desc":"CWE-321: Use of Hard-coded Cryptographic Key - Multiple CVEs Research by Stefan Viehböck of SEC Consult has found that numerous embedded devices accessible on the public Internet use non-unique X.509 certificates and SSH host keys. Products are identified as vulnerable if unpacked firmware images are found to contain hard-coded keys or certificates whose fingerprints can be matched to data from the Internet-wide scan data repository, scans.io (specifically, see SSH results and SSL certificates). Affected devices range broadly from home routers and IP cameras to VOIP phones. For the majority of vulnerable devices, reuse of certificates and keys are limited to the product lines of individual vendors. There are some instances where identical certificates and keys are used by multiple vendors. In these cases, the root cause may be due to firmware that is developed from common SDKs, or OEM devices using ISP-provided firmware. Vulnerable devices may be subject to impersonation, man-in-the-middle, or passive decryption attacks. It may be possible for an attacker to obtain credentials or other sensitive information that may be used in further attacks. For additional details about the research and affected products by certificates and SSH host keys, refer to the original SEC Consult blog post on the topic, as well as the nine-month follow-up blog.","impact":"A remote, unauthenticated attacker may be able to carry out impersonation, man-in-the-middle, or passive decryption attacks, resulting in sensitive information exposure.","resolution":"In most cases, the CERT/CC is unaware of a practical solution to this problem. Some vendors have indicated that updates or guidance will be provided, and this information will be updated within individual vendor information pages below when known. Users are encouraged to contact device vendors for more information.","workarounds":"Change X.509 certificates or SSH host keys Where possible, users of affected devices should manually replace X.509 certificates or SSH host keys so that they are unique to the device. Restrict access As a general good security practice, only allow connections from trusted hosts and networks. Note that restricting access does not prevent a capable attacker from intercepting and decrypting vulnerable communications, but it may limit an attacker's ability to make use of compromised credentials from an untrusted host.","sysaffected":"","thanks":"Thanks to Stefan Viehböck of SEC Consult for reporting this vulnerability.","author":"This document was written by Joel Land.","public":["http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html","http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html","https://www.sec-consult.com/download/certificates.html","https://www.sec-consult.com/download/ssh_host_keys.html","https://scans.io/","https://scans.io/series/ssh-rsa-full-ipv4","https://scans.io/study/sonar.ssl","https://censys.io"],"cveids":["CVE-2015-6358","CVE-2015-7255","CVE-2015-7256","CVE-2015-7276","CVE-2015-8251","CVE-2015-8260"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2015-08-11T12:52:25Z","publicdate":"2015-11-25T00:00:00Z","datefirstpublished":"2015-11-25T14:18:06Z","dateupdated":"2016-09-06T16:03:02Z","revision":69,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"2","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"P","cvss_integrityimpact":"N","cvss_availabilityimpact":"N","cvss_exploitablity":null,"cvss_remediationlevel":"U","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"5","cvss_basevector":"AV:N/AC:L/Au:N/C:P/I:N/A:N","cvss_temporalscore":"4.8","cvss_environmentalscore":"3.532896423","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}