CVE-2021-40119: Cisco Policy Suite Static SSH Keys Vulnerability
First published: Thu Nov 04 2021(Updated: )
A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Policy Suite | <21.1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Cisco Policy Suite vulnerability?
The vulnerability ID is CVE-2021-40119.
What is the severity rating of CVE-2021-40119?
The severity rating of CVE-2021-40119 is critical with a CVSS score of 9.8.
What software is affected by CVE-2021-40119?
Cisco Policy Suite versions up to and including 21.1.0 are affected by CVE-2021-40119.
How does CVE-2021-40119 exploit the system?
CVE-2021-40119 allows an unauthenticated, remote attacker to log in to an affected system as the root user by exploiting the reuse of static SSH keys across installations.
Is there a fix available for CVE-2021-40119?
Yes, Cisco has released a security advisory with mitigation details for CVE-2021-40119. Please refer to the advisory for more information.
- collector/nvd-index
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/tags
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/event
- vendor/cisco
- canonical/cisco policy suite