Vulnslist

Cisco vulnerabilities by product, model, software, and advisory.

Cisco Policy Suite Static SSH Keys Vulnerability

cisco-sa-cps-static-key-JmS92hNv · Critical · Published · Updated

A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to a weakness in the SSH subsystem of an affected system. An attacker could exploit this vulnerability by connecting to an affected device through SSH. A successful exploit could allow the attacker to log in to an affected system as the root user. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cps-static-key-JmS92hNv

Cisco advisory · CSAF JSON

Workarounds

There are no workarounds that address this vulnerability.

CVEsCVE-2021-40119
Cisco Bug IDsCSCvw24544
CVSS ScoreBase 9.8
Base 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X
Product Names From Source
Cisco Policy Suite (CPS) Software

Related Products

Product CVE Evidence
Cisco Policy Suite (CPS) Software CVE-2021-40119 Cisco OpenVuln