Two SSH vulnerabilities have been discovered in Cisco virtual appliances because the virtual machines running on the VMware and KVM virtualization platforms ship with the same default authorized SSH key. Patches for these vulnerabilities are already available. The SSH keys were originally created for customer-support access; anyone who obtained and maliciously employed them would have unlimited access to and control over the affected appliances.
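A defender-side audit for the class of issue described above, added here as an example and not part of the original article or of any Cisco tooling: it parses authorized_keys contents collected from several appliances, fingerprints each key the way OpenSSH does (SHA256 of the wire-format blob), and flags any key that more than one host trusts or that appears on a list of known default fingerprints. The host names, key blobs and the known-default list are constructed placeholders.

```python
import base64
import hashlib
from collections import defaultdict

KEY_TYPES = ("ssh-rsa", "ssh-ed25519", "ecdsa-sha2-", "ssh-dss")


def parse_authorized_keys(text):
    """Yield (key_type, fingerprint, comment) for each entry in an authorized_keys file."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Options such as from="..." may precede the key type, so locate the type token.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue  # malformed entry
        key_type, blob = fields[idx], fields[idx + 1]
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue  # not a decodable key blob
        # OpenSSH-style fingerprint: SHA256 of the decoded key, base64 without padding.
        fp = "SHA256:" + base64.b64encode(hashlib.sha256(raw).digest()).decode().rstrip("=")
        yield key_type, fp, " ".join(fields[idx + 2:])


def find_shared_keys(per_host, known_default_fps=frozenset()):
    """Return {fingerprint: hosts} for keys trusted by several hosts or on the known list."""
    hosts_by_fp = defaultdict(set)
    for host, text in per_host.items():
        for _, fp, _ in parse_authorized_keys(text):
            hosts_by_fp[fp].add(host)
    return {fp: hosts for fp, hosts in hosts_by_fp.items()
            if len(hosts) > 1 or fp in known_default_fps}


# Constructed sample: authorized_keys contents gathered from three hypothetical appliances.
# The blobs are placeholders, not real keys; vm-a and vm-b share one (the image-wide key).
_SHARED = base64.b64encode(b"placeholder shared support key").decode()
_A = base64.b64encode(b"placeholder key unique to vm-a").decode()
_C = base64.b64encode(b"placeholder key unique to vm-c").decode()
SAMPLE = {
    "vm-a": f"ssh-rsa {_SHARED} support@vendor\nssh-ed25519 {_A} admin@vm-a\n",
    "vm-b": f"ssh-rsa {_SHARED} support@vendor\n# local note\n",
    "vm-c": f'from="10.0.0.0/8" ssh-ed25519 {_C} admin@vm-c\n',
}

if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE).items():
        print(f"{fp} trusted by {sorted(hosts)}")
```

In practice the per-host map would be filled from authorized_keys files pulled off each appliance, and the known-default set from the vendor's published fingerprints for the affected images.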
Tim Erlin, director of IT security and risk strategy at Tripwire, says the impact is hard to judge because no one knows how many affected devices are deployed.
Tim Erlin, director of IT security and risk strategy at Tripwire:
“To truly understand the scope of impact of any vulnerability, we’d have to know the number of devices actually deployed.
It’s great that there’s an update to address this issue, but customers must actually apply the patch to be protected. Unfortunately, there’s often a lag between update availability and effective deployment of patches, creating a window of risk.
Because this vulnerability affects virtual images, it’s entirely possible that some infected images could lie dormant through the initial update cycle, then introduce the vulnerability at a later date.”