CVE-2021-40119
published 2021-11-04


Priority: P267 | Severity: critical | CVSS 3.1: 9.8
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.42% (82.1th percentile)

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.

Affected

3 ranges

Vendor | Product                       | Version range | Fixed in
cisco  | cisco_policy_suite_software   |               |
cisco  | policy_suite                  | < 21.1.0      | 21.1.0
cisco  | policy_suite_static_ssh_keys  |               |

Detection & IOCs (extracted from sources)

  • Detect unauthenticated SSH login attempts to Cisco Policy Suite systems as the root user, which may indicate exploitation of static/reused SSH keys across installations.
  • Monitor for SSH connections to Cisco Policy Suite devices authenticating as root via public-key authentication, especially from unexpected or external source IPs.
  • The vulnerability is caused by static SSH keys that are reused across all Cisco Policy Suite installations. Any attacker who extracts the key from one installation can use it to authenticate as root on any other affected installation. There are no workarounds; software updates are required.
  • There are no workarounds available for this vulnerability. Cisco has released software updates that must be applied to remediate the static SSH key issue (Cisco Bug ID: CSCvw24544).
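
One way to implement the monitoring described in the first two bullets, as an added example (not code from Cisco or from this database): a Python filter over OpenSSH auth log lines that flags root public-key logins by source network. The trusted management network, hostnames, fingerprints and log lines are constructed assumptions.

```python
import ipaddress
import re

# Assumption: the only network allowed to SSH to the appliance as root.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]

# OpenSSH auth result lines ("Failed publickey" needs LogLevel VERBOSE).
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
    r"(?: ssh2(?:: (?P<keytype>\S+) (?P<fp>\S+))?)?"
)

# Constructed sample input; not taken from a real system.
SAMPLE_LOG = """\
Nov  4 09:12:01 cps-host01 sshd[2211]: Accepted publickey for root from 10.20.0.15 port 50122 ssh2: RSA SHA256:CONSTRUCTEDfpAAAA
Nov  4 09:14:37 cps-host01 sshd[2290]: Accepted publickey for root from 203.0.113.50 port 41822 ssh2: RSA SHA256:CONSTRUCTEDfpAAAA
Nov  4 09:15:02 cps-host01 sshd[2301]: Failed publickey for root from 198.51.100.23 port 33410 ssh2: RSA SHA256:CONSTRUCTEDfpBBBB
Nov  4 09:16:40 cps-host01 sshd[2315]: Accepted password for operator from 10.20.0.15 port 50410 ssh2
Nov  4 09:17:05 cps-host01 sshd[2320]: Accepted publickey for root from not-an-ip port 1 ssh2
""".splitlines()


def find_root_key_logins(lines, trusted_nets=TRUSTED_NETS):
    """Return one finding per root public-key auth event, with a severity."""
    findings = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m or m["user"] != "root" or m["method"] != "publickey":
            continue
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed source field: skip rather than misclassify
        trusted = any(ip in net for net in trusted_nets)
        if trusted:
            severity = "low"      # expected admin path; keep for audit
        elif m["result"] == "Accepted":
            severity = "high"     # root key login from an unexpected source
        else:
            severity = "medium"   # rejected attempt from an unexpected source
        findings.append({"severity": severity, "result": m["result"],
                         "ip": str(ip), "fingerprint": m["fp"]})
    return findings


if __name__ == "__main__":
    for f in find_root_key_logins(SAMPLE_LOG):
        print(f)
```

Because the key is shared across installations, the same fingerprint appearing from both a trusted and an untrusted source (as in the first two sample lines) is worth correlating until the fixed release is applied.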

CVSS provenance

Source       | Version | Score | Severity | Vector
nvd          | v3.1    | 9.8   | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd          | v2.0    | 10.0  | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco |         | 9.8   | CRITICAL |