Hardcoded SSH Key in Cisco Policy Suite Lets Remote Hackers Gain Root Access (Security News, November 2021)
Cisco Systems has released security updates to address vulnerabilities in multiple Cisco products that could be exploited by an attacker to log in as a root user and take control of vulnerable systems.
Tracked as CVE-2021-40119, the vulnerability has been rated 9.8 in severity out of a maximum of 10 on the CVSS scoring system and stems from a weakness in the SSH authentication mechanism of Cisco Policy Suite.
"An attacker could exploit this vulnerability by connecting to an affected device through SSH," the networking major explained in an advisory, adding "A successful exploit could allow the attacker to log in to an affected system as the root user." Cisco said the bug was discovered during internal security testing.
Cisco Policy Suite Releases 21.2.0 and later will also automatically create new SSH keys during installation, while requiring a manual process to change the default SSH keys for devices being upgraded from 21.1.0.
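The key-rotation note above suggests a simple fleet check: if several devices present the same SSH key, that key is almost certainly a shared default rather than one generated per install. The script below is an added example and is not code from the article or from Cisco. It parses ssh-keyscan-style lines (host, key type, base64 key blob), computes OpenSSH-style SHA256 fingerprints, and reports any fingerprint shared by more than one host. All hostnames and key blobs in the sample are constructed placeholders; none are real keys.

```python
import base64
import hashlib
from collections import defaultdict
from typing import Dict, List


def _fake_blob(seed: str) -> str:
    """Deterministic placeholder key blob (NOT a real key) so the sample decodes."""
    return base64.b64encode(hashlib.sha256(seed.encode()).digest()).decode()


# Constructed sample of ssh-keyscan-style output for a hypothetical fleet.
# Hostnames and keys are made up; two hosts deliberately present the same key.
SAMPLE_SCAN = "\n".join([
    f"cps-node-1.example.net ssh-ed25519 {_fake_blob('shared-default-key')}",
    f"cps-node-2.example.net ssh-ed25519 {_fake_blob('shared-default-key')}",
    f"cps-node-3.example.net ssh-ed25519 {_fake_blob('unique-key-3')}",
    "# comment line from ssh-keyscan, must be ignored",
    "broken-line-without-key",
])


def fingerprint(blob_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint: 'SHA256:' + unpadded base64 of sha256(blob)."""
    raw = base64.b64decode(blob_b64)
    digest = hashlib.sha256(raw).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_scan(text: str) -> Dict[str, str]:
    """Map host -> fingerprint, skipping comments, blank and malformed lines."""
    result: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        host, _keytype, blob = parts[0], parts[1], parts[2]
        try:
            result[host] = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
    return result


def shared_keys(text: str) -> Dict[str, List[str]]:
    """Return fingerprints presented by more than one host, with those hosts."""
    by_fp: Dict[str, List[str]] = defaultdict(list)
    for host, fp in parse_scan(text).items():
        by_fp[fp].append(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) > 1}


if __name__ == "__main__":
    # Any shared fingerprint is a candidate default/hard-coded key to rotate.
    for fp, hosts in shared_keys(SAMPLE_SCAN).items():
        print(f"{fp} shared by {', '.join(hosts)}")
```

In practice the input would come from `ssh-keyscan` run against the inventory (for example `ssh-keyscan -t ed25519,rsa host1 host2 ...`), and the same grouping applied to the entries of each device's `authorized_keys` file catches a shared client key as well as a shared host key.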
Also addressed by Cisco are multiple critical vulnerabilities affecting the web-based management interface of the Cisco Catalyst Passive Optical Network Series Switches Optical Network Terminal that could enable an unauthenticated, remote attacker to log in using a debugging account inadvertently left on the device and take control, perform a command injection, and modify the configuration of the device.
Lastly, Cisco has remediated two more high-severity flaws in Cisco Small Business Series Switches and Cisco AsyncOS that could allow unauthenticated, remote adversaries to gain unauthorized access to the web-based management interface of the switches and carry out a denial-of-service attack.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK
---|---|---|---
2021-11-04 | CVE-2021-40119 | Use of Hard-coded Credentials vulnerability in Cisco Policy Suite: a vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. | 9.8