The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices prior to 2015-06-25 uses the same default SSH host keys across different customers' installations, which makes it easier for remote malicious users to defeat cryptographic protection mechanisms by leveraging knowledge of a private key from another installation, aka Bug IDs CSCus29681, CSCuu95676, and CSCuu96601.
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
cisco web security virtual appliance 8.6.0 |
||
cisco web security virtual appliance 8.5.1 |
||
cisco web security virtual appliance 8.5.0 |
||
cisco web security virtual appliance 8.0.5 |
||
cisco content security management virtual appliance 8.4.0.0150 |
||
cisco content security management virtual appliance 9.0.0.087 |
||
cisco email security virtual appliance 9.0.0 |
||
cisco email security virtual appliance 8.5.7 |
||
cisco email security virtual appliance 8.0.0 |
||
cisco email security virtual appliance 8.5.6 |
||
cisco web security virtual appliance 8.7.0 |
||
cisco web security virtual appliance 7.7.5 |
Vulmon