Cisco offers weather updates for different products released due to the use of standard SSH-keys. Using the default SSH keys, an attacker remotely without valid credentials on a login system with root privileges. The only thing that is required is that the attacker can connect to the platform.
According to Cisco, the problem is that all installations of the Web Security Virtual Appliance (WSAV), Email Security Virtual Appliance (Esau) and Content Security Management Virtual Appliance (SMAV) share the same authorized SSH key for the remote support functionality. Also, an attacker via the SSH host key can also all appliances is the same, and all communications between virtual appliances decrypt and mimic.
Cisco has released updates to fix the problems. Last October there appeared an update of a similar problem in the Cisco Unified Communications Manager Domain. The networking giant has announced that to their knowledge the newly discovered problems are not yet attacked or were previously known on the Internet.
No comments:
Post a Comment