Cisco patches multiple default SSH key vulnerabilities in virtual appliances

According to a Security Advisory issued yesterday, many of Cisco Security’s virtual appliances ship with default SSH keys for remote management: both the SSH host keys and a private key authorised for remote support, shared across installations rather than generated per appliance. An attacker in “possession of compromised keys, who is able to intercept traffic between the WSAv or ESAv and a host it is communicating with, would be able to decrypt the communication with a man-in-the-middle attack”.

All Web Security Virtual Appliances (WSAv), Email Security Virtual Appliances (ESAv) and Content Security Management Virtual Appliances (SMAv) are affected.

“A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

“The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user.”

If this all sounds familiar, it’s because Cisco issued this advisory last July:

“A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

“The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user.”

Cisco has released free software updates to address these vulnerabilities. Because the weakness is the key material itself rather than a code defect, the update is only effective once each appliance presents a host key unique to it and the shared remote-support key no longer appears among its authorised keys. Administrators can check the former from any SSH client by comparing the host key fingerprint an appliance presents after the update with the one it presented before, and with the fingerprints of their other appliances: any two appliances still presenting the same fingerprint are still sharing a key.
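Both of the weaknesses above, shared host keys and a shared authorised key, show up as the same thing in practice: one public-key fingerprint appearing where it should not. The following script, an added example and not Cisco’s code or tooling, demonstrates the two checks a practitioner would run against a fleet. It parses `ssh-keyscan`-style output and reports any host key fingerprint seen on more than one host, and it scans an `authorized_keys` file for entries matching a blocklist of fingerprints you have identified as shared. The hostnames, key blobs and file contents are constructed inline so it runs offline; the key material is dummy bytes wrapped in a syntactically valid `ssh-ed25519` blob, which is enough because the fingerprint is just SHA-256 over the wire-format blob.

```python
"""Detect shared ("default") SSH host keys across a fleet and flag a known
shared authorized key. Added example, not Cisco's code; all input is constructed."""
import base64
import binascii
import hashlib
import struct
from collections import defaultdict


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def ed25519_blob(key_bytes: bytes) -> str:
    """Build a syntactically valid ssh-ed25519 public-key blob (base64 text)."""
    raw = ssh_string(b"ssh-ed25519") + ssh_string(key_bytes)
    return base64.b64encode(raw).decode()


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + base64(SHA256(decoded blob)) without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


# Constructed fleet: appliances A, B and C still present the same host key,
# D has been re-keyed. Hostnames are hypothetical; key bytes are dummy values.
SHARED_KEY = ed25519_blob(b"\x11" * 32)
UNIQUE_KEY = ed25519_blob(b"\x22" * 32)
KEYSCAN_OUTPUT = "\n".join([
    f"wsav-a.example.net ssh-ed25519 {SHARED_KEY}",
    f"esav-b.example.net ssh-ed25519 {SHARED_KEY}",
    f"smav-c.example.net ssh-ed25519 {SHARED_KEY}",
    f"wsav-d.example.net ssh-ed25519 {UNIQUE_KEY}",
])


def parse_keyscan(text: str):
    """Yield (host, keytype, blob) from ssh-keyscan output, skipping blanks and comments."""
    for line in text.splitlines():
        parts = line.strip().split()
        if len(parts) < 3 or parts[0].startswith("#"):
            continue
        yield parts[0], parts[1], parts[2]


def shared_host_keys(keyscan_text: str) -> dict:
    """Map fingerprint -> sorted hosts, keeping only keys seen on more than one host."""
    seen = defaultdict(set)
    for host, _ktype, blob in parse_keyscan(keyscan_text):
        try:
            seen[fingerprint(blob)].add(host)
        except binascii.Error:
            continue  # malformed blob: not a key we can fingerprint
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}


# Constructed authorized_keys content: the second entry is the fleet-wide support key.
SUPPORT_KEY = ed25519_blob(b"\x33" * 32)
ADMIN_KEY = ed25519_blob(b"\x44" * 32)
AUTHORIZED_KEYS = "\n".join([
    f"ssh-ed25519 {ADMIN_KEY} admin@jumphost",
    f"ssh-ed25519 {SUPPORT_KEY} remote-support",
])
KNOWN_SHARED = {fingerprint(SUPPORT_KEY)}  # fingerprints you have identified as shared

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def flagged_authorized_keys(authorized_keys_text: str, bad_fingerprints: set) -> list:
    """Return (fingerprint, comment) for each authorized_keys entry whose key is blocklisted."""
    hits = []
    for line in authorized_keys_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        # Entries may carry options before the key type (e.g. command="..."), so locate the type field.
        idx = next((i for i, p in enumerate(parts) if p.startswith(KEY_TYPE_PREFIXES)), None)
        if idx is None or idx + 1 >= len(parts):
            continue
        try:
            fp = fingerprint(parts[idx + 1])
        except binascii.Error:
            continue
        if fp in bad_fingerprints:
            hits.append((fp, " ".join(parts[idx + 2:])))
    return hits


if __name__ == "__main__":
    for fp, hosts in shared_host_keys(KEYSCAN_OUTPUT).items():
        print(f"host key {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
    for fp, comment in flagged_authorized_keys(AUTHORIZED_KEYS, KNOWN_SHARED):
        print(f"authorized_keys contains known shared key {fp} ({comment})")
```

In real use, replace `KEYSCAN_OUTPUT` with the output of `ssh-keyscan` run against your appliance inventory and feed each appliance’s authorised keys into `flagged_authorized_keys`. The fingerprint routine matches what `ssh-keygen -lf` prints for the same key, so fingerprints from either source can be compared directly.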

Patch management

The exploitation of known vulnerabilities is one of the easiest ways for attackers to compromise systems, so keeping software up to date is essential for any organisation that values its information security. If you continue to run unsupported or vulnerable versions, your systems face a significantly higher risk of compromise.

Penetration testing

If you’re unsure about your patch management practices and are concerned about your organisation’s susceptibility to online attack, you’ll be interested in IT Governance’s penetration testing packages. Designed to identify vulnerabilities and provide remedial measures that you can take to secure your systems, they provide a complete solution for the routine security testing of your websites and IT systems to ensure that your networks and applications remain secure against cyber attacks.
