Default SSH key found in a large number of Cisco security devices - vulnerability warning - the black bar safety net

ID MYHACK58:62201564137
Type myhack58
Reporter Anonymous
Modified 2015-06-29T00:00:00


Cisco revealed that a default SSH key is present in a large number of Cisco security devices, and that an attacker can use this vulnerability to take control of a device.

The scope of the impact

Cisco's security experts found that many Cisco security devices contain a default SSH key, which an attacker can use to establish an SSH connection and take control of the device. Abuse of the SSH key reflects a serious problem: the affected enterprises and institutions are likely to be exposed to the risk of cyber attack. According to Cisco, the Web Security Virtual Appliance, Email Security Virtual Appliance and Content Security Management Virtual Appliance are affected. Because Cisco systems are so widely deployed, security is critical to them; the default key is used for maintenance purposes. The vulnerability was found by Cisco experts during internal security testing.

Cisco released the report: “A vulnerability exists in the remote support functionality of Cisco WSAv, ESAv and SMAv software that allows a remote, unauthenticated attacker to connect to an affected system with root user privileges; the attacker can decrypt and impersonate secure communication between any virtual content security appliances. The vulnerability is due to the presence of a default authorized SSH key that is shared across all installations of WSAv, ESAv and SMAv. An attacker could exploit the vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv or SMAv device. In addition, an attacker could exploit the vulnerability to access the device system with root user privileges. Cisco has now released updates for the vulnerability.”

Low barrier to exploitation

This vulnerability is easy to exploit, especially if the attacker can mount a man-in-the-middle attack on the target network; the attacker can then use the default SSH key to covertly access the target system.

“Exploiting this vulnerability on Cisco SMAv is possible in all cases, because SMAv is used to manage any content security appliance. Successful exploitation on Cisco SMAv allows an attacker to decrypt communication with the SMAv, and to impersonate the SMAv to send altered data to a configured content appliance. An attacker can exploit this vulnerability on a communication link to any content security appliance managed by SMAv.”

Currently, the only way to resolve this security issue is to apply the patches Cisco has released.
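
The condition the advisory describes, one authorized SSH key shared by every installation, can be checked for across a fleet. The following is an added example, not code from the article or from Cisco: it fingerprints every entry in each appliance's authorized_keys content and reports keys authorized on more than one host. The host names, key blobs and the assumption that the files have already been collected are all constructed for illustration.

```python
import base64, hashlib, re, struct
from collections import defaultdict

# Key type followed by its base64 blob; search() tolerates a leading options field.
KEY_RE = re.compile(
    r"\b(ssh-(?:rsa|dss|ed25519)|ecdsa-sha2-nistp(?:256|384|521))\s+([A-Za-z0-9+/=]+)")

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def keys_in(authorized_keys_text):
    """Yield a fingerprint per key line, skipping comments and blank lines."""
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = KEY_RE.search(line)
        if match:
            yield fingerprint(match.group(2))

def shared_keys(inventory):
    """Map fingerprint -> sorted hosts, for keys authorized on more than one host."""
    seen = defaultdict(set)
    for host, text in inventory.items():
        for fp in keys_in(text):
            seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def _sample_key(seed):
    """Constructed ed25519-format blob (not a real key), for the demo only."""
    blob = (struct.pack(">I", 11) + b"ssh-ed25519"
            + struct.pack(">I", 32) + bytes([seed]) * 32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed inventory: host names and file contents are hypothetical.
INVENTORY = {
    "wsav-01": _sample_key(1) + " support\n" + _sample_key(2) + " admin@wsav-01\n",
    "esav-01": "# remote support\n" + 'from="10.0.0.0/8" ' + _sample_key(1) + " support\n",
    "smav-01": _sample_key(1) + " support\n" + _sample_key(3) + " admin@smav-01\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(INVENTORY).items():
        print(fp, "is authorized on", ", ".join(hosts))
```

A key that appears on every appliance of a product line before any administrator has added one is the signal to look for; per-host keys added by local administrators do not show up in the result.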