Detections
Analytics

Cisco Ironport Security Appliance Authorized Key Vulnerability

high Nessus Plugin ID 84501

Language:

Synopsis

The remote host is missing a vendor-supplied security patch.

Description

The remote Cisco security appliance contains a default entry in the authorized_keys file. This allows an attacker with knowledge of the private key to connect to the system with privileges of the root user.

Solution

Apply the relevant update referenced in Cisco Security Advisory cisco-sa-20150625-ironport.

See Also

http://www.nessus.org/u?fab9519e

Plugin Details

Severity: High

ID: 84501

File Name: cisco_ironport_static_keys.nasl

Version: 1.14

Type: remote

Family: CISCO

Published: 7/2/2015

Updated: 6/12/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2015-4216

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:web_security_virtual_appliance, cpe:/a:cisco:content_security_management_virtual_appliance, cpe:/o:cisco:asyncos, cpe:/a:cisco:email_security_virtual_appliance

Excluded KB Items: global_settings/supplied_logins_only

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 6/25/2015

Vulnerability Publication Date: 6/25/2015

Reference Information

CVE: CVE-2015-4216

CISCO-SA: cisco-sa-20150625-ironport

IAVA: 2015-A-0136

CISCO-BUG-ID: CSCuu95988, CSCuu95994, CSCuu96630