Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Multiple Default SSH Keys Vulnerabilities in Cisco Virtual WSA, ESA, and SMA

cisco-sa-20150625-ironport · Critical · Published · Updated

Cisco Web Security Virtual Appliance (WSAv), Cisco Email Security Virtual Appliance (ESAv), and Cisco Security Management Virtual Appliance (SMAv) are affected by the following vulnerabilities: Cisco Virtual WSA, ESA, and SMA Default Authorized SSH Key Vulnerability Cisco Virtual WSA, ESA, and SMA Default SSH Host Keys Vulnerability Cisco has released software updates that address these vulnerabilities. There are no workarounds for these vulnerabilities. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150625-ironport

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds for these vulnerabilities.

CVEsCVE-2015-4216, CVE-2015-4217
Cisco Bug IDsCSCus29681, CSCuu95676, CSCuu95988, CSCuu95994, CSCuu96601, CSCuu96630
CVSS ScoreBase 9.3
Base 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C
Base 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N/E:F/RL:OF/RC:C
Product Names From Source
Cisco Content Security Management Virtual Appliance, Cisco Email Security Virtual Appliance, Cisco Web Security Virtual Appliance

Related Products

Product CVE Evidence
Cisco Web Security Virtual Appliance CVE-2015-4217 Cisco OpenVuln
Cisco Web Security Virtual Appliance CVE-2015-4216 Cisco OpenVuln
Cisco Email Security Virtual Appliance CVE-2015-4217 Cisco OpenVuln
Cisco Email Security Virtual Appliance CVE-2015-4216 Cisco OpenVuln
Cisco Content Security Management Virtual Appliance CVE-2015-4217 Cisco OpenVuln
Cisco Content Security Management Virtual Appliance CVE-2015-4216 Cisco OpenVuln