Vulnerabilities In Cisco Security Appliances Allow Unauthorised Root Login
Networking hardware manufacturer Cisco has found
default SSH key vulnerabilities in all of its Web Security Virtual
Appliances, Email Security Virtual Appliances, and Content Security
Management Virtual Appliances.
The vulnerabilities can allow an attacker to connect to an
appliance and gain full control over the device. That is, anyone who is
able to discover the default SSH keys can hack into Cisco’s affected
machines.
“A vulnerability in the remote support functionality of Cisco WSAv,
Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated,
remote attacker to connect to the affected system with the privileges of
the root user,” the company said in its security advisory.
“The vulnerability is due to the presence of a default authorized
SSH key that is shared across all the installations of WSAv, ESAv, and
SMAv. An attacker could exploit this vulnerability by obtaining the SSH
private key and using it to connect to any WSAv, ESAv, or SMAv. An
exploit could allow the attacker to access the system with the
privileges of the root user.”
Unfortunately, there are no workarounds for the issues, but Cisco
has released patches for all of the affected software versions.
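
The root cause in the advisory is one authorized SSH key shared across every installation. The following is an added example, not code from Cisco or from this article: it generalizes that check to any fleet by fingerprinting each host's authorized_keys entries and reporting keys authorized on more than one host. The host names and key blobs are constructed placeholders, and it assumes you can export the authorized_keys contents from each system.

```python
import base64, binascii, hashlib
from collections import defaultdict

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}

def fingerprints(authorized_keys_text):
    """Yield an OpenSSH-style SHA256 fingerprint for each key in the file."""
    for line in authorized_keys_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = line.split()
        # The key type may be preceded by an options field (e.g. no-pty).
        for i, tok in enumerate(tokens[:-1]):
            if tok in KEY_TYPES:
                try:
                    blob = base64.b64decode(tokens[i + 1], validate=True)
                except (binascii.Error, ValueError):
                    continue  # not a key blob, keep scanning the line
                digest = hashlib.sha256(blob).digest()
                yield "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
                break

def shared_keys(fleet):
    """Map fingerprint -> sorted hosts, for keys authorized on more than one host."""
    seen = defaultdict(set)
    for host, text in fleet.items():
        for fp in fingerprints(text):
            seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def _fake_key(seed):
    # Constructed placeholder blob for the demo, not a real public key.
    return "ssh-rsa " + base64.b64encode(b"constructed-key-" + seed).decode()

# Constructed sample data: two hosts carry the same "vendor default" key.
FLEET = {
    "wsav-01": _fake_key(b"vendor-default") + " support\n" + _fake_key(b"admin-a") + " alice\n",
    "esav-01": "# remote support\nno-pty " + _fake_key(b"vendor-default") + " support\n",
    "smav-01": _fake_key(b"admin-b") + " bob\n",
}

if __name__ == "__main__":
    for fp, hosts in shared_keys(FLEET).items():
        print(fp, "authorized on", ", ".join(hosts))
```

A key that appears on every freshly deployed image, before any administrator has added one, is the pattern the advisory describes.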