The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices prior to 2015-06-25 uses the same default SSH root authorized key across different customers' installations, which makes it easier for remote malicious users to bypass authentication by leveraging knowledge of a private key from another installation, aka Bug IDs CSCuu95988, CSCuu95994, and CSCuu96630.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco web security virtual appliance 7.7.5 |
||
cisco email security virtual appliance 8.5.7 |
||
cisco email security virtual appliance 8.5.6 |
||
cisco email security virtual appliance 8.0.0 |
||
cisco web security virtual appliance 8.7.0 |
||
cisco content security management virtual appliance 9.0.0.087 |
||
cisco web security virtual appliance 8.5.1 |
||
cisco web security virtual appliance 8.0.5 |
||
cisco content security management virtual appliance 8.4.0.0150 |
||
cisco email security virtual appliance 9.0.0 |
||
cisco web security virtual appliance 8.6.0 |
||
cisco web security virtual appliance 8.5.0 |
Vulmon