CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
49.3%
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers’ installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
Vendor | Product | Version | CPE |
---|---|---|---|
cisco | content_security_management_virtual_appliance | 8.4.0.0150 | cpe:2.3:a:cisco:content_security_management_virtual_appliance:8.4.0.0150:*:*:*:*:*:*:* |
cisco | content_security_management_virtual_appliance | 9.0.0.087 | cpe:2.3:a:cisco:content_security_management_virtual_appliance:9.0.0.087:*:*:*:*:*:*:* |
cisco | email_security_virtual_appliance | 8.0.0 | cpe:2.3:a:cisco:email_security_virtual_appliance:8.0.0:*:*:*:*:*:*:* |
cisco | email_security_virtual_appliance | 8.5.6 | cpe:2.3:a:cisco:email_security_virtual_appliance:8.5.6:*:*:*:*:*:*:* |
cisco | email_security_virtual_appliance | 8.5.7 | cpe:2.3:a:cisco:email_security_virtual_appliance:8.5.7:*:*:*:*:*:*:* |
cisco | email_security_virtual_appliance | 9.0.0 | cpe:2.3:a:cisco:email_security_virtual_appliance:9.0.0:*:*:*:*:*:*:* |
cisco | web_security_virtual_appliance | 7.7.5 | cpe:2.3:a:cisco:web_security_virtual_appliance:7.7.5:*:*:*:*:*:*:* |
cisco | web_security_virtual_appliance | 8.0.5 | cpe:2.3:a:cisco:web_security_virtual_appliance:8.0.5:*:*:*:*:*:*:* |
cisco | web_security_virtual_appliance | 8.5.0 | cpe:2.3:a:cisco:web_security_virtual_appliance:8.5.0:*:*:*:*:*:*:* |
cisco | web_security_virtual_appliance | 8.5.1 | cpe:2.3:a:cisco:web_security_virtual_appliance:8.5.1:*:*:*:*:*:*:* |