Cisco revealed a security vulnerability in a number of the company's network security virtual appliances that could give someone virtually unlimited access to them—default, pre-authorized keys for Secure Shell (SSH) sessions originally intended for "customer support" purposes. As Threatpost's Dennis Fisher reported, Cisco has released software patches that correct the problem, but there's no temporary workaround for systems that can't immediately be patched.
Cisco released an advisory on the vulnerability on June 25. There are two separate SSH key vulnerabilities for the Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv).
The first is that these virtual machines, which run on VMware and KVM virtualization platforms, share a default authorized SSH key for remote login. "IP address connectivity to the management interface on the affected platform is the only requirement for the products to be exposed to this vulnerability," Cisco warned. "No additional configuration is required for this vulnerability to be exploited."
Read 3 remaining paragraphs | Comments