Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco Umbrella Virtual Appliance Static SSH Host Key Vulnerability
Vulnerability Description
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance (VA) could allow an unauthenticated, remote attacker to impersonate a VA. This vulnerability is due to the presence of a static SSH host key. An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA. Note: SSH is not enabled by default on the Umbrella VA.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
使用硬编码的密码学密钥
Vulnerability Title
Cisco Umbrella 信任管理问题漏洞
Vulnerability Description
Cisco Umbrella是美国思科(Cisco)公司的一套云安全平台。该平台能够预防网络钓鱼、恶意软件和勒索软件等网络威胁。 Cisco Umbrella 虚拟设备(VA)存在安全漏洞,该漏洞源于存在静态 SSH 主机密钥。攻击者利用此漏洞可以通过对与 Umbrella VA 的 SSH 连接执行中间人攻击。成功利用此漏洞可让攻击者了解管理员凭据、更改配置或重新加载 VA。以下产品和版本受到影响:3.2 及之前版本和 3.3 版本。
CVSS Information
N/A
Vulnerability Type
N/A