CVE-2015-4216
Cisco Web/Email/Security Management Virtual Appliance - Unauthenticated SSH Key Info Exposure
Title source: llmDescription
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
References (4)
Core 4
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032725
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032726
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75417
Scores
EPSS
0.0332
EPSS Percentile
87.1%
Details
CWE
CWE-200
Status
published
Products (12)
cisco/content_security_management_virtual_appliance
8.4.0.0150
cisco/content_security_management_virtual_appliance
9.0.0.087
cisco/email_security_virtual_appliance
8.0.0
cisco/email_security_virtual_appliance
8.5.6
cisco/email_security_virtual_appliance
8.5.7
cisco/email_security_virtual_appliance
9.0.0
cisco/web_security_virtual_appliance
7.7.5
cisco/web_security_virtual_appliance
8.0.5
cisco/web_security_virtual_appliance
8.5.0
cisco/web_security_virtual_appliance
8.5.1
... and 2 more
Published
Jun 26, 2015
Tracked Since
Feb 18, 2026