Information disclosure in Cisco Content_security_management_virtual_appliance
CVE-2015-4216
The remote-support feature on Cisco Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Security Management Virtual Appliance (SMAv) devices before 2015-06-25 uses the same default SSH root authorized key ac…
Vulnerability class: Information Disclosure
EPSS: 0.009 (75.8th percentile) — read the EPSS interpretation.
Affected products
- Cisco Content_security_management_virtual_appliance — versions 8.4.0.0150, 9.0.0.087
- Cisco Email_security_virtual_appliance — versions 8.0.0, 8.5.6, 8.5.7
- Cisco Web_security_virtual_appliance — versions 7.7.5, 8.0.5, 8.5.0
- N/a — versions n/a
Weakness classification (CWE)
References
- 20150625 Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA (x_refsource_CISCO, vendor-advisory, Vendor Advisory)
- 1032725 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 1032726 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_SECTRACK)
- 75417 (Third Party Advisory, VDB Entry, vdb-entry, x_refsource_BID)