Cisco has pushed out security updates to address two vulnerabilities in its Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content Security Management Virtual Appliance (SMAv) software.
The first one exists because a default authorized SSH key is shared across all the installations of those three appliances, and can be exploited by unauthenticated, remote attackers to connect to those appliances and gain root access, i.e. complete control of them.
Leave a reply
