CVE-2015-4217

Currently unrated

Key Information:

Vendor
Cisco
Status
Email Security Virtual Appliance
Content Security Management Virtual Appliance
Web Security Virtual Appliance
Vendor
CVE Published:
26 June 2015

Summary

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

References

http://tools.cisco.com/security/center/content/CiscoSecur...
vendor-advisoryx_refsource_CISCO
http://www.securitytracker.com/id/1032725
vdb-entryx_refsource_SECTRACK
http://tools.cisco.com/security/center/viewAlert.x?alertI...
vendor-advisoryx_refsource_CISCO

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.