鸿 网 互 联 www.68idc.cn

Cisco Virtual WSA/ESA/SMA 默认授权SSH密钥漏洞(CVE-2015-4216)

来源:互联网 作者:佚名 时间:2015-07-27 19:29
Cisco WSAv, ESAv, SMAv设备中,remote-support功能使用了相同的默认SSH root授权密钥,这可使未经身份验证的远程攻击者以root权

Cisco Virtual WSA/ESA/SMA 默认授权SSH密钥漏洞(CVE-2015-4216)


发布日期:2015-06-15
更新日期:2015-06-29

受影响系统:

Cisco Content Security Management Virtual Appliance 9.0 .0.087
Cisco Content Security Management Virtual Appliance 8.4 .0.0150
Cisco Email Security Virtual Appliance 9.1 .0
Cisco Email Security Virtual Appliance 9.0 .0
Cisco Email Security Virtual Appliance 8.5 .7
Cisco Email Security Virtual Appliance 8.5 .6
Cisco Email Security Virtual Appliance 8.0 .0
Cisco Web Security Virtual Appliance 8.7 .0
Cisco Web Security Virtual Appliance 8.6 .0
Cisco Web Security Virtual Appliance 8.5 .0
Cisco Web Security Virtual Appliance 8.5  .1
Cisco Web Security Virtual Appliance 8.0 .5
Cisco Web Security Virtual Appliance 7.7 .5

描述:

CVE(CAN) ID: CVE-2015-4216

思科是全球领先的互联网解决方案供应商。

Cisco WSAv, ESAv, SMAv设备中,,remote-support功能使用了相同的默认SSH root授权密钥,这可使未经身份验证的远程攻击者以root权限访问受影响系统。

<*来源:Cisco
 
  链接:
*>

建议:

厂商补丁:

Cisco
-----
Cisco已经为此发布了一个安全公告(cisco-sa-20150625-ironport)以及相应补丁:
cisco-sa-20150625-ironport:Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA
链接:

本文永久更新链接地址

网友评论
<