Rapid7 Nexpose Virtual Appliance Duplicate SSH Host Key
CVE-2017-5242
What is CVE-2017-5242?
The Nexpose and InsightVM virtual appliances downloaded within a specific timeframe in 2017 are affected by a significant security issue: the appliances generate identical SSH host keys. This is contrary to standard practice, under which each virtual appliance should generate its own unique SSH host key on first boot. Duplicate SSH host keys expose the appliances to risks such as man-in-the-middle attacks, because malicious actors can exploit the predictable nature of these keys. Users of the affected products should take corrective action immediately to ensure secure and unique host key management.
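One practical check for the condition described above is to scan the SSH host keys of every appliance in an estate and flag any fingerprint that appears on more than one host. The script below is an added example, not Rapid7's code or tooling: it parses lines in the output format of ssh-keyscan (host, key type, base64 key blob), computes OpenSSH-style SHA256 fingerprints, and reports keys shared across hosts. The hostnames and key material are constructed sample data embedded inline so the example runs offline; two of the three sample appliances deliberately share a key.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def build_ed25519_blob(raw_pub: bytes) -> str:
    """Encode a raw 32-byte ed25519 public key in OpenSSH wire format, base64'd.

    Used only to construct realistic sample data for this example.
    """
    assert len(raw_pub) == 32
    blob = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + raw_pub
    return base64.b64encode(blob).decode("ascii")


# Constructed sample inventory in ssh-keyscan output format: "host keytype base64-blob".
# appliance-a and appliance-c deliberately share the same key material (the CVE condition).
_SHARED_KEY = bytes(range(32))
SAMPLE_SCAN = "\n".join([
    "# appliance-a.example:22 SSH-2.0-OpenSSH_7.2",
    "appliance-a.example ssh-ed25519 " + build_ed25519_blob(_SHARED_KEY),
    "appliance-b.example ssh-ed25519 " + build_ed25519_blob(bytes([0x42]) * 32),
    "appliance-c.example ssh-ed25519 " + build_ed25519_blob(_SHARED_KEY),
])


def sha256_fingerprint(b64_blob: str) -> str:
    """OpenSSH-style fingerprint: base64(SHA-256(decoded key blob)) without '=' padding."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def parse_keyscan(text: str):
    """Return (host, keytype, fingerprint) for each key line; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue  # malformed line: ignore rather than abort the whole inventory
        host, keytype, blob = parts[0], parts[1], parts[2]
        entries.append((host, keytype, sha256_fingerprint(blob)))
    return entries


def find_duplicates(text: str) -> dict:
    """Map each fingerprint seen on more than one host to the sorted list of those hosts."""
    hosts_by_fp = defaultdict(set)
    for host, _keytype, fp in parse_keyscan(text):
        hosts_by_fp[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    # On a real estate, feed in the captured output of: ssh-keyscan -t ed25519,rsa host1 host2 ...
    duplicates = find_duplicates(SAMPLE_SCAN)
    if not duplicates:
        print("no shared SSH host keys found")
    for fp, hosts in duplicates.items():
        print(f"SHARED HOST KEY {fp} present on: {', '.join(hosts)}")
```

Any fingerprint reported by this check means the affected appliances must have their host keys regenerated. The general OpenSSH procedure (not vendor-specific guidance from this page) is to remove the existing /etc/ssh/ssh_host_* files, run ssh-keygen -A to create fresh ones, restart sshd, and then have administrators replace the stale entries in their known_hosts files so that the new keys are verified rather than blindly accepted.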

Affected Version(s)
InsightVM Virtual Appliance 2017.04.05 < 2017.04.05*
InsightVM Virtual Appliance 2017.05.03
Nexpose Virtual Appliance 2017.04.05 < 2017.04.05*
