Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

2015-06-25T16:00:00
ID CISCO-SA-20150625-IRONPORT
Type cisco
Reporter Cisco
Modified 2015-06-25T15:32:26

Description

A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user.

A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances.

The vulnerability is due to the presence of default SSH host keys that are shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining one of the SSH private keys and using it to impersonate or decrypt communication between any WSAv, ESAv, or SMAv. An exploit could allow the attacker to decrypt and impersonate secure communication between any virtual content security appliances.

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities:

Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability
Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability

Cisco has released software updates that address these vulnerabilities.

There are no workarounds for these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport"]