CVE-2015-4216 — Sensitive Information Exposure in Cisco Content Security Management Virtual Appliance

CWE-200 — Sensitive Information Exposure CWE-3104 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.9%

top 24.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Content Security Management Virtual Appliance Cisco Email Security Virtual Appliance Cisco WEB Security Virtual Appliance

Timeline

PublishedJun 26

Latest updateMay 17

Description

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote attackers to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDcisco/email_security_virtual_appliance4 versions+3

▶NVDcisco/content_security_management_virtual_appliance8.4.0.0150, 9.0.0.087+1

▶NVDcisco/web_security_virtual_appliance6 versions+5

🔴Vulnerability Details

GHSA

GHSA-775r-5j4x-p42j: The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Ap↗2022-05-17

▶

CVEList

CVE-2015-4216: The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Ap↗2015-06-26

▶

📋Vendor Advisories

Cisco

Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA↗2015-06-25

▶