Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability
|
Información sobre el sistema
|
|
|
Software afectado |
Cisco |
Descripción
|
A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances. The vulnerability is due to the presence of default SSH host keys that are shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining one of the SSH private keys and using it to impersonate
More info:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150625-CVE-2015-4217?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Virtual%20WSA,%20ESA,%20and%20SMA%20Default%20SSH%20Host%20K |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2015-4217. |