CVE-2015-4217

Cisco Web, Email, and Security Management Virtual Appliances - Sensitive Information Exposure via Default SSH Keys

Title source: llm
STIX 2.1

Description

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032725
Vendor Advisory vendor-advisory x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39461
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032726
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75418

Scores

EPSS 0.0224
EPSS Percentile 80.7%

Details

CWE
CWE-200 CWE-310
Status published
Products (12)
cisco/content_security_management_virtual_appliance 8.4.0.0150
cisco/content_security_management_virtual_appliance 9.0.0.087
cisco/email_security_virtual_appliance 8.0.0
cisco/email_security_virtual_appliance 8.5.6
cisco/email_security_virtual_appliance 8.5.7
cisco/email_security_virtual_appliance 9.0.0
cisco/web_security_virtual_appliance 7.7.5
cisco/web_security_virtual_appliance 8.0.5
cisco/web_security_virtual_appliance 8.5.0
cisco/web_security_virtual_appliance 8.5.1
... and 2 more
Published Jun 26, 2015
Tracked Since Feb 18, 2026