Executive Summary
Summary | |
---|---|
Title | Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA |
Informations | |||
---|---|---|---|
Name | cisco-sa-20150625-ironport | First vendor Publication | 2015-06-25 |
Vendor | Cisco | Last vendor Modification | 2015-06-25 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 5 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities: Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability Cisco has released free software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVYwnmopI1I6i1Mx3AQI8DA//UJpwngo+3TKUbizNCHSpjP5+lZxyiekt KSS/5AiI3xjJ1Jwm/x7ag2bmnvJToY/5kMi9MEYX5iuS/QdtThW3i34P80miK8aS 8O4/LM1rcHCnKvYtIfvsJz8fieMMys/3s7upAi4QuDszwvB8tVOsJBgDjtUbIf54 UzfoAtyK8aF95xtNyng3eeVP+8w+SHsUMuUGOfDIT6S4tmjlCLTe9/vpAlfJWUvI bUVY26nVXgcH/fOYTYabjuiPj/1Ox5Hc/UPgu/P1Zeccrn3t/+x3PeB3YQe8qc6m kVdrtJQu6PxjKHdRDTeH1agAvm4E438JDCbuQObj6lf+mQjpDpWvBuJaUNPh05Dx 0cWX4Y1UhzCZwsITI/BnGLUZ898Ho6MxcD2jl+f2/UYvSeZRH0UptwlwqOpU9HvL Za3I1Jy662426A/IX/rgvoQQDATbNQ8hOh7GsVeVPE7IZhCtUtelauKm3gfyHYPR HdALNZxUaiueavYGEO8873JB4FDY/hS/e8/nkk/9yfW1hLvxZ7HpPvA/5nQf7Nha KkB8JBffO3A173LS3ko9NBAIpx4el8zzhye4xoWU7r+wcTWwt1NcccTX7PEQ+fG0 ynSrBZuMWuNeKazmOZe0zIWfrWhaWtcqB609+4YvVP4gyiphW50p1janw5CkW1NF rAKcc/vfKO4= =Gmcx END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
67 % | CWE-200 | Information Exposure |
33 % | CWE-310 | Cryptographic Issues |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-07-02 | IAVM : 2015-A-0136 - Multiple Vulnerabilities in Multiple Cisco Security Appliances Severity : Category I - VMSKEY : V0061051 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-07-02 | Name : The remote security appliance is missing a vendor-supplied patch. File : cisco_ironport_default_host_key.nasl - Type : ACT_GATHER_INFO |
2015-07-02 | Name : The remote host is missing a vendor-supplied security patch. File : cisco_ironport_static_keys.nasl - Type : ACT_ATTACK |
Alert History
Date | Informations |
---|---|
2015-10-18 17:22:09 |
|
2015-07-03 13:28:38 |
|
2015-06-26 21:29:34 |
|
2015-06-25 21:25:23 |
|