Executive Summary

Summary
Title Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
Informations
Name cisco-sa-20150625-ironport First vendor Publication 2015-06-25
Vendor Cisco Last vendor Modification 2015-06-25
Severity (Vendor) N/A Revision 1.0

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Cvss Base Score 5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities:

Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability

Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities.

This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport

BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS)

iQIVAwUBVYwnmopI1I6i1Mx3AQI8DA//UJpwngo+3TKUbizNCHSpjP5+lZxyiekt KSS/5AiI3xjJ1Jwm/x7ag2bmnvJToY/5kMi9MEYX5iuS/QdtThW3i34P80miK8aS 8O4/LM1rcHCnKvYtIfvsJz8fieMMys/3s7upAi4QuDszwvB8tVOsJBgDjtUbIf54 UzfoAtyK8aF95xtNyng3eeVP+8w+SHsUMuUGOfDIT6S4tmjlCLTe9/vpAlfJWUvI bUVY26nVXgcH/fOYTYabjuiPj/1Ox5Hc/UPgu/P1Zeccrn3t/+x3PeB3YQe8qc6m kVdrtJQu6PxjKHdRDTeH1agAvm4E438JDCbuQObj6lf+mQjpDpWvBuJaUNPh05Dx 0cWX4Y1UhzCZwsITI/BnGLUZ898Ho6MxcD2jl+f2/UYvSeZRH0UptwlwqOpU9HvL Za3I1Jy662426A/IX/rgvoQQDATbNQ8hOh7GsVeVPE7IZhCtUtelauKm3gfyHYPR HdALNZxUaiueavYGEO8873JB4FDY/hS/e8/nkk/9yfW1hLvxZ7HpPvA/5nQf7Nha KkB8JBffO3A173LS3ko9NBAIpx4el8zzhye4xoWU7r+wcTWwt1NcccTX7PEQ+fG0 ynSrBZuMWuNeKazmOZe0zIWfrWhaWtcqB609+4YvVP4gyiphW50p1janw5CkW1NF rAKcc/vfKO4= =Gmcx END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com

Original Source

Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...)

CWE : Common Weakness Enumeration

% Id Name
67 % CWE-200 Information Exposure
33 % CWE-310 Cryptographic Issues

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 2
Application 4
Application 6

Information Assurance Vulnerability Management (IAVM)

Date Description
2015-07-02 IAVM : 2015-A-0136 - Multiple Vulnerabilities in Multiple Cisco Security Appliances
Severity : Category I - VMSKEY : V0061051

Nessus® Vulnerability Scanner

Date Description
2015-07-02 Name : The remote security appliance is missing a vendor-supplied patch.
File : cisco_ironport_default_host_key.nasl - Type : ACT_GATHER_INFO
2015-07-02 Name : The remote host is missing a vendor-supplied security patch.
File : cisco_ironport_static_keys.nasl - Type : ACT_ATTACK

Alert History

If you want to see full details history, please login or register.
0
1
2
3
Date Informations
2015-10-18 17:22:09
  • Multiple Updates
2015-07-03 13:28:38
  • Multiple Updates
2015-06-26 21:29:34
  • Multiple Updates
2015-06-25 21:25:23
  • First insertion