Thursday, June 25, 2015
Default Authorized SSH Key - in Cisco "Security" Appliances - Allows attacker full control
Are you kidding me?
On "SECURITY" Appliances?
From the article:
The company said that all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.
“Occasionally vendors mistakenly ship a single default SSH key across an entire product line. While it’s better than telnet, all it takes for an attacker to compromise these devices is to get a hold of one of them (or an Internet mirror of the firmware), extract the key, and then go to town,” said Tod Beardsley, security engineering manager at Rapid7.
Cisco says there is no workaround for the vulnerability, but it has released patches for all of the affected software versions.
For more information:
https://threatpost.com/default-ssh-key-found-in-many-cisco-security-appliances/113480
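A fleet-side audit for the shared-key failure described in the quote above, as an added example that is not from the original post, the linked article, or Cisco: it fingerprints every `authorized_keys` entry collected from each device and reports any key that is authorized on more than one of them. The host names and keys are constructed for illustration.

```python
import base64, hashlib, struct
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-dss", "ssh-ed25519", "ecdsa-sha2-")

def fingerprint(blob):
    """SHA256 fingerprint of a public-key blob, formatted as ssh-keygen -l prints it."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (key_type, fingerprint, comment) per key line; blanks and # comments skipped."""
    for line in text.splitlines():
        fields = [] if line.lstrip().startswith("#") else line.split()
        for i in range(len(fields) - 1):
            if not fields[i].startswith(KEY_TYPES):
                continue
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:
                continue  # not base64, e.g. text inside a command="..." option
            name = fields[i].encode()
            # A genuine blob begins with a length-prefixed copy of the key type.
            if blob.startswith(struct.pack(">I", len(name)) + name):
                yield fields[i], fingerprint(blob), " ".join(fields[i + 2:])
                break

def shared_keys(fleet):
    """Map fingerprint -> hosts for every key authorized on more than one host."""
    seen = defaultdict(set)
    for host, text in fleet.items():
        for _type, fp, _comment in parse_authorized_keys(text):
            seen[fp].add(host)
    return {fp: sorted(hosts) for fp, hosts in seen.items() if len(hosts) > 1}

def constructed_key(seed):
    """Build a well-formed ssh-ed25519 line from a seed (constructed, not a real key)."""
    blob = struct.pack(">I11sI", 11, b"ssh-ed25519", 32) + hashlib.sha256(seed).digest()
    return "ssh-ed25519 " + base64.b64encode(blob).decode()

# Constructed sample fleet: host names and keys are hypothetical.
VENDOR = constructed_key(b"vendor-default")
FLEET = {
    "wsa-01": VENDOR + " support\n",
    "esa-01": '# from image\nfrom="10.0.0.0/8" ' + VENDOR + " support\n",
    "sma-01": constructed_key(b"local-admin") + " admin\n",
}

if __name__ == "__main__":
    print(shared_keys(FLEET))
```

A key that shows up on every unit of a product line, and that no administrator installed, is the pattern to escalate to the vendor and to remove once a patch is applied.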
Labels: laziness, Vulnerability