CVE-2015-4217
Cisco Web, Email, and Security Management Virtual Appliances - Sensitive Information Exposure via Default SSH Keys
Title source: llmDescription
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.
References (5)
Core 5
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032725
Vendor Advisory vendor-advisory
x_refsource_cisco
http://tools.cisco.com/security/center/viewAlert.x?alertId=39461
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032726
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75418
Scores
EPSS
0.0224
EPSS Percentile
80.7%
Details
CWE
CWE-200
CWE-310
Status
published
Products (12)
cisco/content_security_management_virtual_appliance
8.4.0.0150
cisco/content_security_management_virtual_appliance
9.0.0.087
cisco/email_security_virtual_appliance
8.0.0
cisco/email_security_virtual_appliance
8.5.6
cisco/email_security_virtual_appliance
8.5.7
cisco/email_security_virtual_appliance
9.0.0
cisco/web_security_virtual_appliance
7.7.5
cisco/web_security_virtual_appliance
8.0.5
cisco/web_security_virtual_appliance
8.5.0
cisco/web_security_virtual_appliance
8.5.1
... and 2 more
Published
Jun 26, 2015
Tracked Since
Feb 18, 2026