Back to search
CVE-2015-4216
Published: Jun 26, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
vendor-advisory
x_refsource_CISCO
1032725
vdb-entry
x_refsource_SECTRACK
1032726
vdb-entry
x_refsource_SECTRACK
75417
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now