CVE-2021-40119
Cisco Policy Suite Static SSH Keys Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
Una vulnerabilidad en el mecanismo de autenticación SSH basado en claves de Cisco Policy Suite podría permitir a un atacante remoto no autenticado iniciar sesión en un sistema afectado como usuario root. Esta vulnerabilidad es debido a la reutilización de claves SSH estáticas entre instalaciones. Un atacante podría explotar esta vulnerabilidad al extraer una clave de un sistema bajo su control. Una explotación con éxito podría permitir al atacante iniciar sesión en un sistema afectado como usuario root
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2021-08-25 CVE Reserved
- 2021-11-04 CVE Published
- 2024-07-19 EPSS Updated
- 2024-11-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-321: Use of Hard-coded Cryptographic Key
- CWE-798: Use of Hard-coded Credentials
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Policy Suite Search vendor "Cisco" for product "Policy Suite" | < 21.1.0 Search vendor "Cisco" for product "Policy Suite" and version " < 21.1.0" | - |
Affected
| ||||||