Authentication flaw

2015-06-2610:59:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.4%

JSON

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers’ installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.

CPENameOperatorVersion
content_security_management_virtual_applianceeq9.0.0.087
content_security_management_virtual_applianceeq8.4.0.0150
email_security_virtual_applianceeq8.5.7
email_security_virtual_applianceeq8.5.6
email_security_virtual_applianceeq9.0.0
email_security_virtual_applianceeq8.0.0
web_security_virtual_applianceeq8.7.0
web_security_virtual_applianceeq7.7.5
web_security_virtual_applianceeq8.5.1
web_security_virtual_applianceeq8.6.0

Name	Operator	Version
content_security_management_virtual_appliance	eq	9.0.0.087
content_security_management_virtual_appliance	eq	8.4.0.0150
email_security_virtual_appliance	eq	8.5.7
email_security_virtual_appliance	eq	8.5.6
email_security_virtual_appliance	eq	9.0.0
email_security_virtual_appliance	eq	8.0.0
web_security_virtual_appliance	eq	8.7.0
web_security_virtual_appliance	eq	7.7.5
web_security_virtual_appliance	eq	8.5.1
web_security_virtual_appliance	eq	8.6.0