Cisco Vulnerable to Attack Due to Multiple Default SSH Keys
It is surprising to see that even a major security company like Cisco could be at risk from hackers.
The company has confirmed that its products could be susceptible to attack due to the presence of multiple default SSH keys.
As a result, Cisco has released an update for its web security, email security and security management virtual appliances to address the vulnerabilities.
According to the information shared by the company, the flaw involves a default SSH host keys vulnerability and/or a default authorised SSH key vulnerability. The affected products are Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv).
The vulnerability is due to the presence of a default authorised SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user.
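A defender's audit for the condition described above, where the same authorised key (or host key) turns up on more than one system. This is an added example, not Cisco's code; the host names and key material are constructed, and it assumes the authorized_keys or host public key files have already been collected from each system.

```python
import base64
import hashlib
from collections import defaultdict

def fingerprint(blob_b64):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_keys(text):
    """Yield (type, blob) per key line; a leading options field is skipped."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for ktype, blob in zip(fields, fields[1:]):
            try:
                raw = base64.b64decode(blob, validate=True)
            except ValueError:
                continue
            # A real blob begins with its own length-prefixed type name.
            name = ktype.encode()
            if raw[:4 + len(name)] == len(name).to_bytes(4, "big") + name:
                yield ktype, blob
                break

def shared_keys(hosts):
    """Map fingerprint -> sorted hosts, for keys present on 2+ hosts."""
    seen = defaultdict(set)
    for host, text in hosts.items():
        for _, blob in parse_keys(text):
            seen[fingerprint(blob)].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

def constructed_key(seed):
    """Constructed ed25519-shaped key line (valid framing, made-up bytes)."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(raw).decode()

# Constructed inventory: hypothetical host names, one key baked into two images.
SHARED = constructed_key(b"image-default")
SAMPLE = {
    "wsav-01": SHARED + " support@image\n",
    "esav-01": '# local keys\nfrom="10.0.0.0/8" ' + SHARED + " support@image\n"
               + constructed_key(b"esav-admin") + " admin@esav\n",
    "smav-01": constructed_key(b"smav-admin") + " admin@smav\n",
}

if __name__ == "__main__":
    print(shared_keys(SAMPLE))
```

Any fingerprint this reports identifies a key that did not originate on a single system, which is the property that lets one leaked private key reach every installation.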
There are no workarounds for this, but the updates provided should fix the issue for authorized users.
For more on the matter, here is a link to the security advisory of Cisco with all the details that you might need.