CVE-2015-4216

Cisco Web/Email/Security Management Virtual Appliance - Unauthenticated SSH Key Info Exposure

Title source: llm
STIX 2.1

Description

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032725
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032726
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75417

Scores

EPSS 0.0332
EPSS Percentile 87.1%

Details

CWE
CWE-200
Status published
Products (12)
cisco/content_security_management_virtual_appliance 8.4.0.0150
cisco/content_security_management_virtual_appliance 9.0.0.087
cisco/email_security_virtual_appliance 8.0.0
cisco/email_security_virtual_appliance 8.5.6
cisco/email_security_virtual_appliance 8.5.7
cisco/email_security_virtual_appliance 9.0.0
cisco/web_security_virtual_appliance 7.7.5
cisco/web_security_virtual_appliance 8.0.5
cisco/web_security_virtual_appliance 8.5.0
cisco/web_security_virtual_appliance 8.5.1
... and 2 more
Published Jun 26, 2015
Tracked Since Feb 18, 2026