
Cisco patches Virtual security appliances with hard-coded SSH keys

Cisco has released a patch for a number of its virtual security appliances that shipped with hard-coded SSH keys.

An attacker who can successfully log in would be able to control the devices, since the keys are shared across them and tied to the remote management interface.

Most of the virtual appliances have hard-coded SSH keys and SSH host keys.

Cisco has also put out a patch for the vulnerability (“cisco-sa-20150625-ironport SSH Keys Vulnerability Fix”) and said that all previous versions (prior to 25 June) need the fix to keep the device safe. Once applied, the patch deletes all the preinstalled keys and forces a reset.

The Borg recently announced that the following virtual appliances carry default keys for their remote support access: Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv).

The advisory states that “IP address connectivity to the management interface on the affected platform is the only requirement for the products to be exposed to this vulnerability. No additional configuration is required for this vulnerability to be exploited.”

They further say that “This patch is not required for the physical hardware appliances or for virtual appliance downloads or upgrades after June 25, 2015.”

As of now, the company has removed the images and is working on the WSAv, ESAv, and SMAv patches. It says that new versions will be released and that customers will have to stick to the update schedules.