SoylentNews is people

posted by martyb on Saturday June 27 2015, @02:19PM
from the "security"-appliance dept.

Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

This bug is about as serious as they come for enterprises. An attacker who is able to discover the default SSH key would have virtually free rein on vulnerable boxes, and given Cisco's market share and presence in the enterprise worldwide, the number of such boxes is likely high. Threatpost.com writes that the default key was inserted into the software for support reasons.

Cisco says, "The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user."
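
An added example (not from the article or from Cisco): a fleet audit that flags any SSH public key authorized on more than one host, which is the condition the advisory describes. Host names and key material are constructed, and collecting each host's `authorized_keys` text is assumed to happen separately.

```python
import base64
import hashlib
import struct
from collections import defaultdict

def fingerprint(line):
    """OpenSSH-style SHA256 fingerprint of one authorized_keys line, or None."""
    tokens = line.split()
    for ktype, b64 in zip(tokens, tokens[1:]):
        try:
            blob = base64.b64decode(b64, validate=True)
        except ValueError:
            continue
        # The key blob begins with a length-prefixed copy of the key type;
        # matching it skips leading options such as command="..." or no-pty.
        if len(blob) > 4:
            (n,) = struct.unpack(">I", blob[:4])
            if blob[4:4 + n] == ktype.encode():
                digest = hashlib.sha256(blob).digest()
                return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return None

def shared_keys(files):
    """Map fingerprint -> sorted hosts, for keys authorized on more than one host."""
    seen = defaultdict(set)
    for host, text in files.items():
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            fp = fingerprint(line)
            if fp:
                seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def sample_line(seed, comment, options=""):
    # Constructed placeholder key: 32 repeated bytes, not real key material.
    parts = (b"ssh-ed25519", bytes([seed]) * 32)
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return f"{options}ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"

# Constructed fleet: host name -> contents of its authorized_keys file.
SAMPLE = {
    "wsav-01": sample_line(1, "support@vendor") + "\n" + sample_line(2, "admin@site-a"),
    "esav-01": "# vendor image\n" + sample_line(1, "support@vendor", 'command="/bin/cli" '),
    "smav-01": sample_line(3, "admin@site-b"),
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(SAMPLE).items():
        print(fp, "authorized on", ", ".join(hosts))
```

Any fingerprint this reports that is not a deliberately deployed administrator key deserves the same scrutiny as a key baked into a cloned image.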


  • (Score: 1, Insightful) by Anonymous Coward on Saturday June 27 2015, @03:36PM

    ... basically old issue when you're *blindly* cloning VM templates in ESX/vSphere/Xen/KVM/pick-your-favourite virtual world ...

  • (Score: 4, Interesting) by kaszz on Saturday June 27 2015, @03:43PM

    So basically Cisco are incompetent? ;-)

    (or it's NSA that be doing things)