SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SM

by George Chetcuti [Published on 30 June 2015 / Last Updated on 30 June 2015]

A vulnerability in the remote support functionality of Cisco WSAv, Cisco ESAv, and Cisco SMAv Software could allow an unauthenticated, remote attacker to connect to the affected system with the privileges of the root user.

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities:

Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability
Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability

Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities.

Cisco advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport

Review and Comments

Register Now for Office365 CON - 2017 Online Conference!

Early registration is now open for Office365 CON 2017, the annual online gathering of IT Strategists, Microsoft MVPs and Messaging Technology Vendors. This convenient, annual online event is presented by TechGenix and MSExchange.org for the benefit of busy IT Professionals within the global Office 365 and MS Exchange communities.

Early registrants for this year's conference will also receive a Symantec White Paper: Top 5 SSL/TLS Attack Vectors: How they have impacted IT and how you can avoid them , as well as an invitation to join a special Conference Preview broadcast.

Time and Date: Thursday, March 23, 2017, starting at 10am EDT | 9am CDT | 7am PDT

Newsletter Subscription

WindowsNetworking.com Sections

Featured Freeware

Download Free TFTP Server. The most trusted on the planet by IT Pros

SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SM

See Also

Review and Comments

See Also