Virtual Event Today: Cloud & Data Security Summit - Join Event In-Progress
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

Default SSH Keys Expose Cisco’s Virtual Security Appliances

Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able intercept traffic or gain access to vulnerable systems with root privileges.

Cisco warned on Thursday that as a result of default encryption keys in three of its security products, customers are at risk of an unauthenticated remote attacker being able intercept traffic or gain access to vulnerable systems with root privileges.

In a security advisory published June 25, Cisco said that its Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) are vulnerable due to default SSH keys which could allow an unauthenticated, remote attacker to connect to an affected system with the privileges of the root user.

The networking giant has released free softwares updates to fix the flaws and said that its physical appliances are not affected by the vulnerabilities.

Specifically, Cisco said the affected appliances all have default authorized SSH keys and default SSH host keys.

The default authorized SSH key vulnerability (CVE-2015-4216) is a flaw in the remote support functionality of the virtual appliances, which if exploited, could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

“The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv,” Cisco said. “An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv.”

Advertisement. Scroll to continue reading.

The default SSH host keys vulnerability (CVE-2015-4217) is also a flaw in the remote support functions of the products and could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances, Cisco said.

“At attacker with possession of compromised keys, who is able to intercept traffic between the WSAv or ESAv and a host it is communicating with, would be able to decrypt the communication with a man-in-the-middle attack,” the advisory explained.

Customers should patch immediately, as there are no workarounds for these vulnerabilities.

Fortunately, Cisco said that vulnerabilities were found during internal testing and security reviews, and the company is not aware of malicious exploitation of the vulnerabilities in the wild. 

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

N-able has appointed Russell Rosa as Chief Revenue Officer.

Stacy O'Mara has joined Armadin as Chief Policy Officer and Director of Global Government Affairs.

F5 has appointed Cathy Peterman as Chief People Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.