Default SSH keys left Cisco appliances susceptible to attack

Cisco has released a patch for its web security, email security, and security management virtual appliances after finding default SSH keys that left its hardware open to unauthorised root logins.

Cisco has found default SSH key vulnerabilities in three of its virtual appliances that are already commercially available.

The company warned of two flaws involving its SSH keys: a default authorised SSH key vulnerability and a default SSH host key vulnerability. Cisco's Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) are the three products affected by these weaknesses.

"The vulnerability is due to the presence of a default authorised SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv," the company said in its security advisory.

"An exploit could allow the attacker to access the system with the privileges of the root user."

The advisory said that the default key vulnerability exists in the remote support functionality of the affected products.

Of the second vulnerability, the advisory said that the WSAv, ESAv, and SMAv software could allow an unauthenticated, remote attacker to decrypt and impersonate secure communication between any virtual content security appliances.

"An attacker with possession of compromised keys, who is able to intercept traffic between the WSAv or ESAv and a host it is communicating with, would be able to decrypt the communication with a man-in-the-middle attack."
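As an added defender-side example (not Cisco's code and not from the advisory), the following Python audits ssh-keyscan output and authorized_keys files gathered from a fleet for the two conditions described above: a host key that several appliances present, and an authorized key that several appliances accept. All hostnames and key blobs are constructed stand-ins.

```python
"""Fleet audit for SSH keys shared across appliance instances: one host key on
several hosts (impersonation/MITM risk) or one authorized_keys entry on several
hosts (a shared login key). Added example; all data below is constructed."""
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384"}

def ssh_fingerprint(b64_blob: str) -> str:
    """OpenSSH-style 'SHA256:...' fingerprint (unpadded base64) of a key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def key_blob(line: str):
    """Base64 blob from a keyscan or authorized_keys line, or None; leading
    authorized_keys options are skipped (quoted options with spaces are not)."""
    toks = line.split()
    for i, tok in enumerate(toks[:-1]):
        if tok in KEY_TYPES:
            return toks[i + 1]
    return None

def find_shared_keys(pairs):
    """Group (host, blob) pairs by fingerprint; keep keys seen on >1 host."""
    seen = defaultdict(set)
    for host, blob in pairs:
        if blob:
            seen[ssh_fingerprint(blob)].add(host)
    return {fp: sorted(h) for fp, h in seen.items() if len(h) > 1}

def audit(keyscan_lines, authorized_by_host):
    """keyscan_lines: 'host type blob' lines; authorized_by_host: {host: text}."""
    host_pairs = [(ln.split()[0], key_blob(ln)) for ln in keyscan_lines if ln.strip()]
    auth_pairs = [(h, key_blob(ln)) for h, txt in authorized_by_host.items()
                  for ln in txt.splitlines()]
    return {"shared_host_keys": find_shared_keys(host_pairs),
            "shared_authorized_keys": find_shared_keys(auth_pairs)}

def _blob(seed: bytes) -> str:
    """Constructed stand-in for a public key blob (not a real key)."""
    return base64.b64encode(hashlib.sha256(seed).digest()).decode()

# Constructed sample: wsav-1 and esav-1 share a host key and a support login key.
KEYSCAN = [f"wsav-1.example.test ssh-ed25519 {_blob(b'image-hostkey')}",
           f"esav-1.example.test ssh-ed25519 {_blob(b'image-hostkey')}",
           f"smav-1.example.test ssh-ed25519 {_blob(b'own-hostkey')}"]
AUTHORIZED = {
    "wsav-1.example.test": f"ssh-ed25519 {_blob(b'support')} support",
    "esav-1.example.test": f'from="10.0.0.0/8" ssh-ed25519 {_blob(b"support")} support',
    "smav-1.example.test": f"ssh-ed25519 {_blob(b'admin-c')} admin",
}
```

Run `audit(KEYSCAN, AUTHORIZED)` to see both shared fingerprints with the hosts they appear on; on a real fleet, replace the constants with `ssh-keyscan` output and collected authorized_keys files.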

According to the company, these issues were discovered during internal security testing.

Cisco said that there are no workarounds for the known issues, but has made software updates available to authorised users that will patch the concerns. Its advisory said that the patch is not required for physical hardware appliances, or for virtual appliance downloads or upgrades after June 25, 2015.

Last month, Cisco said that it wanted to turn the network into a security sensor, aiming to have security throughout Cisco's offering in the datacentre, right up to the end user, and all connected devices.

The company said it is seeking to turn the entire network into sensors and security enforcers to identify threats to the network.