Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ciscoCiscoCISCO-SA-20150625-CVE-2015-4217
HistoryJun 25, 2015 - 4:04 p.m.

Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability

2015-06-2516:04:47
tools.cisco.com
18

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.7%

JSON

A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances.

The vulnerability is due to the presence of default SSH host keys that are shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining one of the SSH private keys and using it to impersonate or decrypt communication between any WSAv, ESAv, or SMAv. An exploit could allow the attacker to decrypt and impersonate secure communication between any virtual content security appliances.

Cisco has confirmed the vulnerability in a security advisory and released software updates.

To exploit this vulnerability, an attacker must first stage a man-in-the-middle attack between the targeted device and the host. This requirement may increase the difficulty of a successful exploit.

A successful exploit of this vulnerability may allow the attacker to decrypt communication and access sensitive information, impersonate a targeted device and send modified data to a configured content appliance, or limit SSH access to any content appliance managed by the targeted device, which could be used to conduct further attacks.

Only virtual WSA, ESA, and SMA appliances are affected by this vulnerability. Cisco WSA, Cisco ESA, and Cisco Content Security Management Appliance are not affected by this vulnerability.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.

Affected configurations

Vulners
Node
ciscocontent_security_management_virtual_applianceMatchany
OR
ciscoemail_security_virtual_applianceMatchany
OR
ciscoweb_security_virtual_applianceMatchany
OR
ciscocontent_security_management_virtual_applianceMatchany
OR
ciscoemail_security_virtual_applianceMatchany
OR
ciscoweb_security_virtual_applianceMatchany

Related

cvelist 1
openvas 1
nessus 1
prion 1
cve 1
nvd 1
securityvulns 1
cisco 1
cvelist
cvelist
CVE-2015-4217
2015-06-26 10:00:00
openvas
openvas
Multiple Cisco Products Default SSH Host Keys Security Bypass Vulnerability
2015-08-14 00:00:00
nessus
nessus
Cisco Ironport Security Appliance Default Host Key Vulnerability
2015-07-02 00:00:00
prion
prion
Design/Logic Flaw
2015-06-26 10:59:00
cve
cve
CVE-2015-4217
2015-06-26 10:59:04
nvd
nvd
CVE-2015-4217
2015-06-26 10:59:04
securityvulns
securityvulns
Cisco Virtual WSA / ESA / SMA default keys
2015-06-29 00:00:00
cisco
cisco
Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
2015-06-25 16:00:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

58.7%

JSON
Related for CISCO-SA-20150625-CVE-2015-4217
cvelist1openvas1nessus1prion1cve1nvd1securityvulns1cisco1