CVE-2017-5242
published 2023-01-12

Priority: P3 35
Severity: high, 7.7 (CVSS 3.1)
Vector: AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
EPSS: 0.38% (29.4th percentile)

Nexpose and InsightVM virtual appliances downloaded between April 5th, 2017 and May 3rd, 2017 contain identical SSH host keys. Normally, a unique SSH host key should be generated the first time a virtual appliance boots.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| rapid7 | insightvm | 2017-04-05 – 2017-05-03 | |
| rapid7 | insightvm_virtual_appliance | >= 2017.04.05 < 2017.04.05* | 2017.04.05* |
| rapid7 | insightvm_virtual_appliance | 2017.05.03 – 2017.05.03 | |
| rapid7 | nexpose_virtual_appliance | >= 2017.04.05 < 2017.04.05* | 2017.04.05* |
| rapid7 | nexpose_virtual_appliance | 2017.05.03 – 2017.05.03 | |