CVE-2015-4217 — Sensitive Information Exposure in Cisco Content Security Management Virtual Appliance

CWE-200 — Sensitive Information Exposure CWE-3105 documents4 sources

Severity

4.3MEDIUMNVD

EPSS

0.7%

top 28.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Content Security Management Virtual Appliance Cisco Email Security Virtual Appliance Cisco WEB Security Virtual Appliance

Timeline

PublishedJun 26

Latest updateMay 17

Description

The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDcisco/email_security_virtual_appliance4 versions+3

▶NVDcisco/content_security_management_virtual_appliance8.4.0.0150, 9.0.0.087+1

▶NVDcisco/web_security_virtual_appliance6 versions+5

🔴Vulnerability Details

GHSA

GHSA-rwpv-8h6r-wrrr: The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Ap↗2022-05-17

▶

CVEList

CVE-2015-4217: The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Ap↗2015-06-26

▶

📋Vendor Advisories

Cisco

Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability↗2015-06-25

▶

Cisco

Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA↗2015-06-25

▶