Cisco Security Appliances Found To Have Default SSH Keys

Trailrunner7 writes: Many Cisco security appliances contain default, authorized SSH keys that can allow an attacker to connect to an appliance and take almost any action he chooses. The company said all of its Web Security Virtual Appliances, Email Security Virtual Appliances, and Content Security Management Virtual Appliances are affected by the vulnerability.

This bug is about as serious as they come for enterprises. An attacker who is able to discover the default SSH key would have virtually free reign on vulnerable boxes, which, given Cisco's market share and presence in the enterprise worldwide, is likely a high number. The default key apparently was inserted into the software for support reasons.

"The vulnerability is due to the presence of a default authorized SSH key that is shared across all the installations of WSAv, ESAv, and SMAv. An attacker could exploit this vulnerability by obtaining the SSH private key and using it to connect to any WSAv, ESAv, or SMAv. An exploit could allow the attacker to access the system with the privileges of the root user," Cisco said.

Re:Using Linux would prevent these Cisco mishaps!

[ArmoredDragon]

Cisco is very much a "configure it yourself" type of deal. In fact their whole certification track above the CCENT level revolves heavily around knowing the IOS command syntax.

You can substitute their routers for Linux, but NOT their layer 3 switches, unless you really don't give a shit about performance in an enterprise environment.