Cisco has recently fixed a trivial but serious issue in its Umbrella Virtual Appliance. The flaw mainly included the existence of a static SSH key in Cisco Umbrella VA that allowed an adversary to steal admin credentials.
Static SSH Key Flaw In Cisco Umbrella VA
According to the latest advisory, Cisco Umbrella Virtual Appliance (VA) had a faulty authentication mechanism exposing it to security risks.
Specifically, Umbrella Virtual Appliance is a cloud-based Secure Internet Gateway from Cisco protecting users from online security threats. It secures networks and all linked devices from malware, ransomware, and similar threats. Thus, many organizations use this tool for online security.
As explained, the presence of a static SSH host key caused the authentication flaw, exploiting which could let an unauthenticated remote adversary access the target system via MiTM attacks.
Describing the impact of this vulnerability, the advisory reads,
An attacker could exploit this vulnerability by performing a man-in-the-middle attack on an SSH connection to the Umbrella VA. A successful exploit could allow the attacker to learn the administrator credentials, change configurations, or reload the VA.
Regarding the vulnerable products, Cisco stated,
This vulnerability affects the Cisco Umbrella Virtual Appliance for both VMWare ESXi and Hyper-V running a software version earlier than 3.3.2.
This vulnerability (CVE-2022-20773) has received a high-severity rating, with a CVSS score of 7.5. While no workaround exists to mitigate the flaw, the firm has indeed fixed the bug and released the patch with the subsequent update 3.3.2.
Besides, Cisco confirmed that Umbrella VA does not come with SSH enabled by default. Hence, it won’t be a threat for many users, unless they have intentionally enabled SSH.
The firm also confirmed to have found no evidence of active exploitation of this bug. However, it’s still wise for the users to update their systems at the earliest to avoid any risks.
Let us know your thoughts in the comments.