CVE-2021-40119
published 2021-11-04CVE-2021-40119: A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected…
PriorityP267critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.42%
82.1th percentile
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_policy_suite_software | — | — |
| cisco | policy_suite | < 21.1.0 | 21.1.0 |
| cisco | policy_suite_static_ssh_keys | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect unauthenticated SSH login attempts to Cisco Policy Suite systems as the root user, which may indicate exploitation of static/reused SSH keys across installations. ↗
- →Monitor for SSH connections to Cisco Policy Suite devices authenticating as root via public-key authentication, especially from unexpected or external source IPs. ↗
- ·The vulnerability is caused by static SSH keys that are reused across all Cisco Policy Suite installations. Any attacker who extracts the key from one installation can use it to authenticate as root on any other affected installation. There are no workarounds; software updates are required. ↗
- ·There are no workarounds available for this vulnerability. Cisco has released software updates that must be applied to remediate the static SSH key issue (Cisco Bug ID: CSCvw24544). ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Cisco
Cisco Policy Suite Static SSH Keys Vulnerability
vendor_cisco·2021-11-03·CVSS 9.8
CVE-2021-40119 [CRITICAL] CWE-321 Cisco Policy Suite Static SSH Keys Vulnerability
Cisco Policy Suite Static SSH Keys Vulnerability
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user.
This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv
Cisco
Cisco Policy Suite Static SSH Keys Vulnerability
vendor_cisco·CVSS 3.1
CVE-2021-40119 Cisco Policy Suite Static SSH Keys Vulnerability
CVE-2021-40119: Cisco Policy Suite Static SSH Keys Vulnerability
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user. Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.1
CWE: CWE-321, CWE-321
Bug IDs: CSCvw24544
GHSA
GHSA-wjwm-57j9-gm6h: A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an af
ghsa_unreviewed·2022-05-24
CVE-2021-40119 [CRITICAL] CWE-798 GHSA-wjwm-57j9-gm6h: A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an af
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-11-04
Published